WO2014050027A1 - Information management method and information management system - Google Patents
Information management method and information management system
- Publication number
- WO2014050027A1 PCT/JP2013/005509
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- user
- history
- server
- service
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
Definitions
- the present invention relates to an information management method and an information management system.
- life log information such as user home appliance usage history and TV viewing history
- Because life log information is related to the privacy of the user, personal information included in the life log information cannot be provided to a third party without the permission of the user.
- Patent Document 1 proposes a method of providing a service to an anonymous user in online transaction.
- The above conventional method has a problem that it cannot verify whether the service to be provided is a service for the user. That is, even if the service provider attempts to provide the user with a service intended for a different user, it cannot be verified whether the user being served is the intended user. Therefore, it may occur that an appropriate service cannot be provided to the user.
- The present invention has been made in view of the above circumstances, and an object thereof is to provide an information management method and an information management system capable of providing an appropriate service to a user while ensuring anonymity of the user.
- An information management method in an information management apparatus for managing information includes: receiving, from a first server via a network, device history information indicating an operation history of a device used by a first user, and first anonymized user information in which first user information including attribute information capable of specifying the first user is anonymized according to a predetermined rule; receiving, from a second server different from the first server via the network, service history information indicating the history of services enjoyed by a second user, and second anonymized user information in which second user information including attribute information that can identify the second user is anonymized by the predetermined rule; and, if it is determined that the first anonymized user information and the second anonymized user information are the same or similar, associating the received device history information and the service history information with each other and managing them as composite information.
- FIG. 1 is a diagram illustrating an example of the overall configuration of the information management system according to the first embodiment.
- FIG. 2 is a block diagram illustrating an example of the configuration of the manufacturer server according to the first embodiment.
- FIG. 3 is a diagram illustrating an example of the configuration of the device history certificate according to the first embodiment.
- FIG. 4 is a block diagram illustrating an example of the configuration of the portal server according to the first embodiment.
- FIG. 5 is a diagram illustrating an example of the anonymization rule according to the first embodiment.
- FIG. 6 is a diagram illustrating an example of the configuration of the proposal information certificate according to the first embodiment.
- FIG. 7 is a block diagram illustrating an example of a configuration of the service provider server according to the first embodiment.
- FIG. 8 is a diagram illustrating an example of the configuration of the service history certificate.
- FIG. 9 is a sequence diagram of processing for providing proposal information to the user from the portal server.
- FIG. 10 is a sequence diagram of processing for providing proposal information to the user from the portal server.
- FIG. 11 is a sequence diagram of processing for providing proposal information to the user from the portal server.
- FIG. 12 is a sequence diagram of processing for providing proposal information to the user from the portal server.
- FIG. 13 is a diagram illustrating an example of the overall configuration of the information management system according to the second embodiment.
- FIG. 14 is a block diagram illustrating an example of the configuration of the manufacturer server according to the second embodiment.
- FIG. 15 is a diagram illustrating an example of a configuration of a device history certificate according to the second embodiment.
- FIG. 16 is a diagram illustrating an example of the personal information DB according to the second embodiment.
- FIG. 17 is a diagram illustrating an example of an ID list of the device history DB according to the second embodiment.
- FIG. 18 is a diagram illustrating an example of data recorded in the home appliance history DB according to the second embodiment.
- FIG. 19 is a block diagram illustrating an example of a configuration of a portal server according to the second embodiment.
- FIG. 20 is a diagram illustrating an example of the configuration of the proposal information DB.
- FIG. 21 is a diagram illustrating an example of data recorded in the proposed service information DB.
- FIG. 22 is a diagram illustrating an example of a configuration of a proposal information certificate according to the second embodiment.
- FIG. 23 is a block diagram illustrating an example of a configuration of a service provider server according to the second embodiment.
- FIG. 24 is a diagram illustrating an example of the service history DB according to the second embodiment.
- FIG. 25 is a diagram showing an example of the configuration of the personal information DB.
- FIG. 26 is a diagram illustrating an example of data recorded in the service information DB.
- FIG. 27 is a sequence diagram when the user registers with the manufacturer server using the user terminal.
- FIG. 28 is a sequence diagram when the user registers the home appliance using the user terminal.
- FIG. 29 is a sequence diagram when the device uploads device history information.
- FIG. 30 is a sequence diagram when providing proposal information to the user from the portal server according to the second embodiment.
- FIG. 31 is a sequence diagram when providing proposal information to the user from the portal server according to the second embodiment.
- FIG. 32 is a sequence diagram when providing proposal information to the user from the portal server according to the second embodiment.
- FIG. 33 is a diagram illustrating an example of the overall configuration of the information management system according to the third embodiment.
- FIG. 34 is a block diagram illustrating an example of the configuration of the manufacturer server according to the third embodiment.
- FIG. 35 is a diagram showing an example of the personal information DB according to the third embodiment.
- FIG. 36 is a diagram illustrating an example of the configuration of a device history certificate according to the third embodiment.
- FIG. 37 is a diagram illustrating an example of a configuration of a proposal information certificate according to the third embodiment.
- FIG. 38 is a block diagram illustrating an example of a configuration of a service provider server according to the third embodiment.
- FIG. 39 is an example of a configuration of a service history certificate according to the third embodiment.
- FIG. 40 is a sequence diagram illustrating a user registration process according to the third embodiment.
- FIG. 41 is a sequence diagram of the proposal information provision processing according to Embodiment 3.
- FIG. 42 is a sequence diagram of the proposal information provision processing according to Embodiment 3.
- FIG. 43 is a sequence diagram of the proposed information provision process according to Embodiment 3.
- FIG. 44 is a sequence diagram of proposed information provision processing according to Embodiment 3.
- FIG. 45 is a diagram illustrating an example of the configuration of a device history certificate including an expiration date.
- FIG. 46 is a diagram illustrating an example of a provision data list of device history information.
- FIG. 47 is a sequence diagram of processing for providing proposal information from the portal server to the user.
- FIG. 48 is a sequence diagram of processing for providing proposal information from the portal server to the user.
- FIG. 49 is a sequence diagram of processing for providing proposal information from a portal server to a user.
- FIG. 50 is a diagram illustrating an example of the configuration of the proposal information certificate.
- FIG. 51 is a diagram illustrating an example of the overall configuration of the information management system.
- FIG. 52 is a diagram illustrating an example of the configuration of a device history certificate including device histories of a plurality of users.
- An information management method in an information management apparatus for managing information includes: receiving, from a first server via a network, device history information indicating an operation history of a device used by a first user, and first anonymized user information in which first user information including attribute information capable of specifying the first user is anonymized according to a predetermined rule; receiving, from a second server different from the first server via the network, service history information indicating the history of services enjoyed by a second user, and second anonymized user information in which second user information including attribute information that can identify the second user is anonymized by the predetermined rule; and, if it is determined that the first anonymized user information and the second anonymized user information are the same or similar, associating the received device history information and the service history information with each other and managing them as composite information.
- This configuration can provide an appropriate service to the user while ensuring the user's anonymity.
- The first server, the information management device, and the second server can be linked, so that the information management device can manage, as composite information, a user's device history and the service history of a user who is the same as or similar to that user.
- The information management apparatus can provide service proposal information to the corresponding user using the composite information. Since the first server and the second server only provide the information management apparatus with user information that is anonymized to the extent that the user cannot be specified, it is possible to realize an information management method that protects the privacy of the user while still generating proposal information and the like for the user using the composite information.
- The predetermined rule may be determined based on a combination of the type of operation indicated by the device history information stored in the first server and the type of service indicated by the service history information stored in the second server.
- the predetermined rule defines attribute information to be deleted or abstracted among one or more attribute information included in the first user information and the second user information.
- The first anonymized user information and the second anonymized user information may include, as attribute information, at least one of the sex, age, age group, address, and occupation of the first user and the second user.
- the proposal information for the user also varies. Therefore, attribute information that can identify the user among the attribute information included in the user information is deleted or abstracted, but attribute information that cannot identify the user among the attribute information included in the user information is the type of service or the type of operation. Depending on the combination, it can be determined whether or not to delete or abstract. Thereby, the information management method which can produce
- Proposal information indicating a service proposal for the first user may be generated, and the generated proposal information may be provided to the first user via the first server.
- the proposal information may be information including a control program for controlling the device.
- Proposal information indicating a service proposal for the second user may be generated based on the composite information, and the generated proposal information may be provided to the second user via the second server.
- first user and the second user may be the same user, or the first user and the second user may be different users.
- the service history information may be information including a history of the second user receiving a service related to health management including medical care.
- the service history information may be information including a history that the second user has received an education service.
- the service history information may be information including a history that the second user has received a traffic service.
- the predetermined rule may be further transmitted to the first server and the second server via a network.
- An information management system includes: an information management device that manages information; a first server storing device history information that indicates an operation history of a device used by a first user and first user information including attribute information that can identify the first user; and a second server that stores service history information indicating a history of services enjoyed by a second user and second user information including attribute information that can identify the second user.
- The information management device receives, from the first server via a network, the device history information and first anonymized user information in which the first user information is anonymized according to a predetermined rule, and receives, from the second server via the network, the service history information and second anonymized user information in which the second user information is anonymized by the predetermined rule.
- When the first anonymized user information and the second anonymized user information are determined to be the same or similar, the received device history information and the service history information are associated with each other and managed as composite information.
- The information management apparatus may further transmit the predetermined rule to the first server and the second server via a network.
- The first server may generate the first anonymized user information by anonymizing the stored first user information according to the predetermined rule, and transmit the stored device history information and the generated first anonymized user information to the information management device.
- The second server may generate the second anonymized user information by anonymizing the stored second user information according to the predetermined rule, and transmit the stored service history information and the generated second anonymized user information to the information management device.
- FIG. 1 is a diagram illustrating an example of the overall configuration of the information management system according to the first embodiment.
- The information management system 13 includes a manufacturer server 100c, a portal server 200c, service provider servers 300c to 300e, a device 400, and a user terminal 500.
- the device 400 is a device such as a television, a body composition meter, a running machine, an aero bike, or an electrically assisted bicycle.
- the device 400 is manufactured by a manufacturer having the manufacturer server 100c, and collects device history.
- the user terminal 500 is a mobile terminal such as a personal computer or a mobile phone.
- FIG. 2 is a block diagram illustrating an example of the configuration of the manufacturer server 100c according to the first embodiment.
- The manufacturer server 100c is an example of a first server, and includes a history DB control unit 101, a temporary identifier generation unit 102, a certificate generation unit 103, a certificate verification unit 104, a history DB 105, a device control instruction unit 106, a device control information DB 107, a communication unit 108, and an anonymization unit 121.
- the anonymization unit 121 anonymizes the corresponding user information among the user information stored in the personal information DB according to the anonymization rule (predetermined rule) received by the communication unit 108 from the portal server 200c.
- the user information is personal information of a user who can specify the user, and is information including attribute information which can specify the user.
- The history DB control unit 101 controls the history DB 105 to manage the user's personal information (user information), the device history (device history information) indicating the operation history of the device 400 used by the user, the temporary identifier corresponding to the user's personal information (user information) and the device history, and the device history certificate.
- When providing (transmitting) the device history to the portal server 200c, the history DB control unit 101 requests the temporary identifier generation unit 102 to generate a temporary identifier corresponding to the user ID, and requests the anonymization unit 121 to anonymize the corresponding user information (personal information of the corresponding user) stored in the personal information DB.
- When the history DB control unit 101 receives a user ID and a temporary identifier from the temporary identifier generation unit 102 and receives anonymized user information from the anonymization unit 121, it associates the user ID with the temporary identifier in the history DB 105 and requests the certificate generation unit 103 to generate a signature for associating the temporary identifier, the anonymized user information, and the device history.
- The history DB control unit 101 manages the device history certificate received from the certificate generation unit 103 in association with the corresponding user ID and temporary identifier.
- When the certificate verification unit 104 succeeds in verifying the proposal information certificate, the history DB control unit 101 receives the proposal information indicating the service proposal for the user, and requests the device control instruction unit 106 to control the device based on the proposal information.
- When the device control information is received from the device control instruction unit 106, the device control information is provided to the corresponding user based on the user ID associated with the temporary identifier.
- the temporary identifier generation unit 102 generates a temporary identifier corresponding to the user ID.
- When receiving the request from the history DB control unit 101, the temporary identifier generation unit 102 generates a temporary identifier from the user ID.
- Any generation method may be used as long as the temporary identifier is uniquely associated with the user ID.
- A temporary identifier may be randomly generated, a result obtained by encrypting a user ID using an arbitrary encryption key may be used as a temporary identifier, or a result calculated by applying a one-way function to a user ID may be used as a temporary identifier.
- The temporary identifier may include information from which the user cannot be personally identified. For example, gender and age may be included.
- Upon receipt of the temporary identifier, device history, and anonymized user information from the history DB control unit 101, the certificate generation unit 103 generates a device history certificate.
- FIG. 3 shows an example of the configuration of the device history certificate according to the first embodiment.
- The device history certificate is produced by generating a signature (manufacturer signature) over the temporary identifier, the anonymized user information, and the device history with a signature generation key (not shown) held in the certificate generation unit 103, so that the temporary identifier, the anonymized user information, and the device history are associated with each other and carry the signature (manufacturer signature).
- After generating the device history certificate, the certificate generation unit 103 transmits the device history certificate and a public key certificate (not shown) including a signature verification key corresponding to the signature generation key.
- The public key certificate is the signature verification key signed by a certificate issuing center (not described in the overall configuration).
- a signature may be generated for a hash value obtained by combining the temporary identifier and the device history.
- the certificate verification unit 104 receives the proposal information certificate and the public key certificate including the signature verification key from the portal server 200c via the communication unit 108, and verifies the signature.
- In signature verification of the proposal information certificate, it is first verified whether the portal server signature is correct with respect to the device history certificate and the proposal information. If the portal server signature is correct, it is then verified whether the manufacturer server signature of the device history certificate is correct. Only when the manufacturer server signature is also correct is the proposal information certificate determined to be correct.
- When the proposal information certificate is correct, the temporary identifier, the anonymized user information, and the proposal information are transmitted to the history DB control unit 101.
- the history DB 105 stores a personal information DB, a device history DB, a temporary identifier, and a device history certificate.
- the personal information DB stores user information including information such as name and address, which is basic user profile data, as attribute information.
- The device history DB stores an operation history of a device 400 such as a home appliance owned by the user (for example, a TV channel operation history), or a history of information on the user using the device 400 (for example, a history of the user's weight measured with a body composition meter).
- Upon receiving a device control request from the history DB control unit 101, the device control instruction unit 106 searches for device control information of the corresponding device 400 in the device control information DB 107 and transmits the device control information to the history DB control unit 101.
- the device control information is information including a control program for controlling the device 400.
- the device control information may include, for example, a control program that controls the operating speed and time of the running machine, or may include a control program that controls the strength of the assist function of the electrically assisted bicycle. That is, the device control information only needs to include information related to device control.
- the device control information DB 107 stores device control information of the device 400.
- the communication unit 108 communicates with the portal server 200c, the device 400, and the user terminal 500.
- the communication unit 108 performs SSL (Secure Socket Layer) communication in communication with the portal server 200c and the user terminal 500.
- a certificate necessary for SSL communication is stored in the communication unit 108.
- the communication unit 108 receives an anonymization rule (predetermined rule) from the portal server 200c.
- the anonymization rule prescribes attribute information to be deleted or abstracted among attribute information included in user information stored in the personal information DB.
- The manufacturer server 100c stores the device history indicating the operation history of the device 400 used by the first user and the first user information including attribute information that can identify the first user.
- The manufacturer server 100c anonymizes the stored first user information in accordance with a predetermined rule (anonymization rule) to generate first anonymized user information, and transmits the stored device history and the generated first anonymized user information to the portal server 200c.
- FIG. 4 is a block diagram illustrating an example of the configuration of the portal server 200c according to the first embodiment.
- The portal server 200c is an example of an information management apparatus that manages information, and includes a proposal information generation unit 201, a proposal information DB 202, a certificate generation unit 203, a certificate verification unit 204, a communication unit 205, and an anonymization rule generation unit 211.
- The anonymization rule generation unit 211 generates an anonymization rule (predetermined rule) for anonymizing the user information (personal information) held by the manufacturer server 100c, the service provider server 300c, and the like, in order to acquire the information necessary for generating proposal information indicating a service proposal for the user.
- The anonymization rule defines the attribute information to be deleted or abstracted among the attribute information included in the user information (user personal information).
- The anonymization rule generation unit 211 determines the anonymization rule based on the combination of the type of operation indicated by the device history stored in the manufacturer server 100c and the type of service indicated by the service history stored in the service provider server 300c and the like. This is because the proposal information for the user differs depending on the contents of the service history and the device used by the user.
- Among the attribute information included in the user information, the attribute information that can identify the user needs to be deleted or abstracted.
- For the attribute information that cannot identify the user, whether or not to delete or abstract it is determined by the combination of the type of service and the type of operation.
- FIG. 5 is a diagram showing an example of the anonymization rule according to the first embodiment.
- FIG. 5 shows an anonymization rule when the proposal information is generated from the history information from the manufacturer server 100c and the service history information from the fitness service.
- The anonymization rule shown in FIG. 5 stipulates that the name item is deleted and that the address item is provided only up to the municipality, with the address below the municipality deleted. In addition, it is stipulated that the date of birth is abstracted to the year, with the month and day deleted. In addition, it is stipulated that gender is provided as it is, and mail and hobbies are deleted.
- The anonymization rule defines the attribute information to be deleted or abstracted, but it is defined so that the anonymized user attribute information includes at least one of the user's gender, age, age group, address, and occupation.
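The FIG. 5 rule and the same-or-similar association step, as an added Go example that is not part of the patent text. Attribute names, the comma-separated address and `YYYY-MM-DD` date formats, and all sample records are assumptions constructed for illustration; only exact equality of the anonymized attributes (the "same" case) is implemented.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

type Action int // what the anonymization rule does to one attribute

const (
	Delete         Action = iota // drop the attribute; also the default for unlisted ones
	Keep                         // provide the attribute as it is
	ToMunicipality               // keep the address down to the municipality
	ToYear                       // keep only the year of the date of birth
)

// Fig5Rule encodes the rule described for FIG. 5 (attribute names are assumed).
var Fig5Rule = map[string]Action{
	"name": Delete, "address": ToMunicipality, "birthdate": ToYear,
	"gender": Keep, "mail": Delete, "hobbies": Delete,
}

// Anonymize applies a rule to one user record and fails closed: attributes the
// rule does not list, and values it cannot parse, are dropped.
func Anonymize(user map[string]string, rule map[string]Action) map[string]string {
	out := map[string]string{}
	for attr, val := range user {
		switch rule[attr] {
		case Keep:
			out[attr] = val
		case ToMunicipality: // assumed format "prefecture, municipality, rest"
			if p := strings.Split(val, ","); len(p) >= 2 {
				out[attr] = strings.TrimSpace(p[0]) + ", " + strings.TrimSpace(p[1])
			}
		case ToYear: // assumed format "YYYY-MM-DD"
			if len(val) == 10 && val[4] == '-' {
				out[attr] = val[:4]
			}
		}
	}
	return out
}

// Key serializes anonymized attributes in sorted order so both servers' outputs compare equal.
func Key(anon map[string]string) string {
	names := make([]string, 0, len(anon))
	for k := range anon {
		names = append(names, k)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, k := range names {
		fmt.Fprintf(&b, "%s=%q;", k, anon[k])
	}
	return b.String()
}

type Record struct { // what a server sends to the portal: no user ID, no raw attribute
	TempID  string
	Anon    map[string]string
	History []string
}

type Composite struct { // one device history associated with one service history
	DeviceTempID, ServiceTempID   string
	DeviceHistory, ServiceHistory []string
}

// Associate pairs each device record with every service record whose anonymized
// user information is identical; records with nothing left to compare are skipped.
func Associate(device, service []Record) []Composite {
	byKey := map[string][]Record{}
	for _, d := range device {
		byKey[Key(d.Anon)] = append(byKey[Key(d.Anon)], d)
	}
	var out []Composite
	for _, s := range service {
		if len(s.Anon) == 0 {
			continue
		}
		for _, d := range byKey[Key(s.Anon)] {
			out = append(out, Composite{d.TempID, s.TempID, d.History, s.History})
		}
	}
	return out
}

func main() {
	// Constructed sample data: two different people with the same anonymized tuple.
	maker := map[string]string{"name": "Hanako Yamada", "gender": "F",
		"address": "Osaka, Kadoma, 1-2-3 Example-cho", "birthdate": "1980-04-12"}
	gym := map[string]string{"name": "Yuki Sato", "gender": "F", "hobbies": "running",
		"address": "Osaka, Kadoma, 9-8 Sample-dori", "birthdate": "1980-11-30"}
	device := []Record{{"tmp-m-01", Anonymize(maker, Fig5Rule), []string{"running machine 30 min"}}}
	service := []Record{{"tmp-s-77", Anonymize(gym, Fig5Rule), []string{"fitness class"}}}
	fmt.Println(Associate(device, service))
}
```

The two sample records belong to different people yet are associated, which is the case the text allows when it says the first user and the second user may be different users.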
- The proposal information generation unit 201 generates proposal information indicating a service proposal for the first user based on the device history and the service history managed in association with each other as composite information. Then, the proposal information generation unit 201 provides the generated proposal information to the user via the manufacturer server 100c.
- The proposal information generation unit 201 generates proposal information for the user based on the device history included in the device history certificate received from the manufacturer server 100c, the service history received from the service provider server 300c and the like, and the proposal information stored in the proposal information DB 202. For example, the proposal information generation unit 201 generates proposal information based on the temporary identifier, the anonymized user information, and the device history received from the manufacturer server 100c, and on the temporary identifier, the anonymized user information, and the service information received from the service provider server 300c and the like. The proposal information generating unit 201 stores the generated proposal information in the proposal information DB.
- After generating the proposal information, the proposal information generation unit 201 requests the certificate generation unit 203 to generate a proposal information certificate from the device history certificate and the proposal information.
- When the proposal information certificate is received from the certificate generation unit 203, the proposal information certificate is transmitted to the manufacturer server 100c.
- the proposal information DB 202 stores proposal information proposed to the user.
- FIG. 6 shows an example of the configuration of the proposal information certificate according to the first embodiment.
- The proposal information certificate shown in FIG. 6 is a certificate in which the device history certificate and the proposal information are associated with each other and to which a signature (portal server signature), generated with a signature generation key (not shown) held in the certificate generation unit 203, is attached.
- After generating the proposal information certificate, the certificate generation unit 203 transmits the proposal information certificate and a public key certificate (not shown) including a signature verification key corresponding to the signature generation key.
- The public key certificate is the signature verification key signed by a certificate issuing center (not described in the overall configuration).
- a signature may be generated for a hash value obtained by combining the device history certificate and the proposal information.
- When the certificate verification unit 204 receives the device history certificate and the public key certificate including the signature verification key from the manufacturer server 100c via the communication unit 205, it verifies the signature. In the signature verification of the device history certificate, it is verified whether the manufacturer server signature is correct with respect to the temporary identifier, the anonymized user information, and the device history included in the device history certificate. When the manufacturer server signature is correct, the temporary identifier, the anonymized user information, and the device history are transmitted to the proposal information generation unit 201.
- the communication unit 205 communicates with the manufacturer server 100c, the service provider server 300c, and the like. SSL communication is performed in communication with the manufacturer server 100c, the service provider server 300c, and the like. A certificate necessary for SSL communication is stored in the communication unit 205. In addition, the communication unit 205 transmits the anonymization rule (predetermined rule) generated by the anonymization rule generation unit 211 to the manufacturer server 100c, the service provider server 300c, and the like via the network.
- The portal server 200c receives, from the manufacturer server 100c via the network, the device history and first anonymized user information obtained by anonymizing the first user information, which includes attribute information that can identify the first user.
- The portal server 200c receives, from the service provider server 300c via the network, the service history and second anonymized user information obtained by anonymizing, in accordance with the anonymization rule, the second user information, which includes attribute information that can identify the second user.
- When the portal server 200c determines that the first anonymized user information and the second anonymized user information are the same or similar, it associates the received device history of the first user with the service history of the second user, who is the same as or similar to the first user, and manages them as composite information.
- The portal server 200c generates proposal information indicating a service proposal for the first user based on the managed composite information, and provides the generated proposal information to the first user via the manufacturer server 100c.
- The portal server 200c provides the proposal information to the user via the manufacturer server 100c, but the present invention is not limited to this. If the user terminal 500 is connected via a network to the service provider server 300c instead of the manufacturer server 100c, the proposal information may be provided to the second user via the service provider server 300c.
- FIG. 7 is a block diagram illustrating an example of the configuration of the service provider server 300c according to Embodiment 1. Since the service provider servers 300d and 300e have the same configuration as the service provider server 300c, only the service provider server 300c will be described here.
- The service provider server 300c is an example of a second server, and includes a history DB control unit 301, a temporary identifier generation unit 302, a history DB 303, a communication unit 304, a certificate verification unit 312, a certificate generation unit 313, and an anonymization unit 321.
- the anonymization unit 321 anonymizes corresponding user information among the user information stored in the personal information DB in accordance with the anonymization rule (predetermined rule) received by the communication unit 304 from the portal server 200c.
- The history DB control unit 301 controls the history DB 303 to manage the user's personal information (user information), the service history indicating the history of services enjoyed by the user, and the data corresponding to the user's personal information (user information) and the service history.
- The service history is information indicating a history of receiving a service related to fitness. For example, the service history records history information indicating that a set consisting of a high-level aero bike session and 30 minutes of training was performed on date XXX.
- When providing (transmitting) the service history to the portal server 200c, the history DB control unit 301 requests the temporary identifier generation unit 302 to generate a temporary identifier corresponding to the user ID, and requests the anonymization unit 321 to anonymize the corresponding user information (the personal information of the corresponding user stored in the personal information DB) in accordance with the anonymization rule received from the portal server 200c.
- When the history DB control unit 301 receives a user ID and a temporary identifier from the temporary identifier generation unit 302 and receives anonymized user information from the anonymization unit 321, it associates the user ID with the temporary identifier in the history DB 303, and associates and manages the temporary identifier, the anonymized user information, and the service history.
- the history DB control unit 301 transmits a temporary identifier, anonymized user information, and a service history to the portal server 200 as service history information.
- the temporary identifier generation unit 302 generates a temporary identifier corresponding to the user ID. For example, when receiving a request from the history DB control unit 301, the temporary identifier generation unit 302 generates a temporary identifier from the user ID.
- the generation method of a temporary identifier should just be able to be tied uniquely with user ID, and may generate
- The result of encrypting the user ID with an arbitrary encryption key may be used as the temporary identifier, or the result of applying a one-way function to the user ID may be used as the temporary identifier.
- The temporary identifier may include information that does not identify the user personally. For example, gender and age may be included.
- Upon receiving the temporary identifier, the device history, and the anonymized user information from the history DB control unit 301, the certificate generation unit 313 generates a service history certificate.
- FIG. 8 shows an example of the configuration of the service history certificate.
- The service history certificate is a certificate in which the temporary identifier, the anonymized user information, and the service history are associated with each other and to which a signature (service provider signature), generated over them with a signature generation key (not shown) held in the certificate generation unit 313, is attached.
- After generating the service history certificate, the certificate generation unit 313 transmits the service history certificate and a public key certificate (not shown) including a signature verification key corresponding to the signature generation key.
- the certificate verification unit 312 receives the proposal information certificate and the public key certificate including the signature verification key from the portal server 200c via the communication unit 304, and verifies the signature. Since the certificate verification unit 312 described above is the same as the certificate verification unit 104, description thereof is omitted.
- the history DB 303 stores a personal information DB, a service history DB, and a temporary identifier.
- the personal information DB stores information such as name and address, which is basic user profile data, as user information.
- the service history DB stores a history of services enjoyed by the user.
- the communication unit 304 communicates with the portal server 200c.
- the communication unit 304 performs SSL (Secure Socket Layer) communication in communication with the portal server 200c.
- a certificate necessary for SSL communication is stored in the communication unit 304.
- the communication unit 304 receives an anonymization rule (predetermined rule) from the portal server 200c.
- the service provider server 300c stores the service history indicating the history of services enjoyed by the second user and the second user information including attribute information that can identify the second user.
- the service provider server 300c generates and stores second anonymized user information from the second user information by anonymizing the attribute information included in the stored second user information according to the anonymization rule.
- the service history and the generated second anonymized user information are transmitted to the portal server 200c.
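The temporary identifier, anonymization and portal-side association steps described above, as an added Go example (not code from the patent). It assumes HMAC-SHA256 as the one-way function, a hypothetical rule format that generalizes date of birth to an age band and keeps gender, and treats "same or similar" as equality of the generalized attributes; the keys, the rule and the service provider's member records are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// User is one row of a server's personal information DB.
type User struct {
	ID, Name, Address, Birth, Gender string // Birth is YYYY-MM-DD
}

// Rule is a hypothetical anonymization rule distributed by the portal server.
type Rule struct {
	AsOf    string // reference date used to compute age, YYYY-MM-DD
	AgeBand int    // width of the age band in years (10 turns 31 into 30-39)
}

// Record is what leaves a server: no user ID, name, address or birth date.
type Record struct {
	TempID  string
	Anon    string // anonymized user information
	History string // device history or service history
}

// TemporaryID applies a keyed one-way function to the user ID. The key never
// leaves the issuing server, so only that server can map the value back.
func TemporaryID(key []byte, userID string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(userID))
	return hex.EncodeToString(mac.Sum(nil)[:16])
}

// Anonymize drops name and address and generalizes birth date to an age band.
func Anonymize(u User, r Rule) (string, error) {
	if r.AgeBand <= 0 {
		return "", fmt.Errorf("age band must be positive, got %d", r.AgeBand)
	}
	birth, err := time.Parse("2006-01-02", u.Birth)
	if err != nil {
		return "", err
	}
	asOf, err := time.Parse("2006-01-02", r.AsOf)
	if err != nil {
		return "", err
	}
	age := asOf.Year() - birth.Year()
	if asOf.Month() < birth.Month() || (asOf.Month() == birth.Month() && asOf.Day() < birth.Day()) {
		age-- // birthday not yet reached in the reference year
	}
	lo := age / r.AgeBand * r.AgeBand
	return fmt.Sprintf("age %d-%d/%s", lo, lo+r.AgeBand-1, u.Gender), nil
}

// Export builds the record a manufacturer or service provider server sends.
func Export(key []byte, u User, r Rule, history string) (Record, error) {
	anon, err := Anonymize(u, r)
	if err != nil {
		return Record{}, err
	}
	return Record{TemporaryID(key, u.ID), anon, history}, nil
}

// Associate is the portal-side step: it returns the service records whose
// anonymized user information equals that of the device record (assumption:
// "same or similar" means equal after generalization).
func Associate(device Record, services []Record) []Record {
	var matched []Record
	for _, s := range services {
		if s.Anon == device.Anon {
			matched = append(matched, s)
		}
	}
	return matched
}

func main() {
	rule := Rule{AsOf: "2012-09-01", AgeBand: 10} // constructed rule
	makerKey, providerKey := []byte("maker-demo-key"), []byte("provider-demo-key")
	// ID11 uses the page's sample attributes; the members are constructed.
	u11 := User{"ID11", "Miki Yamada", "3-10, Fukushima-ku, Osaka City", "1980-10-05", "female"}
	members := []User{
		{"M-204", "constructed member", "Kyoto", "1978-02-14", "female"},
		{"M-377", "constructed member", "Tokyo", "1990-03-03", "male"},
	}
	dev, _ := Export(makerKey, u11, rule, "2012.1.1 weight 55 kg, body fat 18%")
	var svc []Record
	for _, m := range members {
		r, _ := Export(providerKey, m, rule, "aero bike, 30 minutes of training")
		svc = append(svc, r)
	}
	fmt.Println(dev.Anon, "->", len(Associate(dev, svc)), "matching service history")
}
```

Because each server keys its own temporary identifiers, the portal can link the two histories only through the generalized attributes; a narrower age band or extra attributes in the rule make that link more identifying.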
- Operation of Information Management System 13 includes the following.
- FIGS. 9 to 12 are sequence diagrams of processing for providing proposal information to the user from the portal server 200c. The provision of the proposal information is performed regularly or irregularly.
- SSL authentication is performed between the manufacturer server 100c and the portal server 200c to establish an encrypted communication path.
- the portal server 200c generates an anonymization rule and transmits the anonymization rule to the manufacturer server 100c.
- the manufacturer server 100c anonymizes the user's personal information (user information) based on the received anonymization rule, and generates a temporary identifier from the user ID.
- the manufacturer server 100c generates a signature (maker signature) for the temporary identifier, the anonymized user information, and the device history, and generates a device history certificate as shown in FIG. Then, the maker server 100c transmits the generated device history certificate and public key certificate to the portal server 200c.
- the portal server 200c receives the device history certificate and the public key certificate from the manufacturer server 100c, and verifies these certificates. If verification of these certificates fails, an error is notified to the manufacturer server 100c.
- the portal server 200c performs SSL authentication with the service provider server 300c, for example, and establishes an encrypted communication path.
- the portal server 200c transmits a service history acquisition request related to the device history information received to the service provider server 300c together with the anonymization rule.
- When the service provider server 300c receives the service information acquisition request and the anonymization rule from the portal server 200c, it anonymizes the user's personal information (user information) based on the anonymization rule and generates a temporary identifier.
- the service provider server 300c generates a signature for the temporary identifier, the anonymized user information, and the service history, and generates a service history certificate as shown in FIG.
- the service provider server 300c transmits a service history certificate and a public key certificate to the portal server 200c.
- the portal server 200c receives the service history certificate and the public key certificate from the service provider server 300c, and verifies these certificates. If verification of these certificates fails, an error is notified to the service provider server 300c.
- the portal server 200 confirms whether the received device history certificate and service history certificate are anonymized according to the anonymization rule.
- If the anonymized user information is neither the same nor similar, an error is notified to the maker server 100c and the service provider server 300c.
- the portal server 200c records the device history certificate received from the manufacturer server 100c and the service history certificate received from the service provider server 300c.
- the portal server 200c generates proposal information based on the device history of the device history certificate, the service history of the service history certificate, and the anonymized user information.
- the portal server 200c generates a signature for the generated proposal information and the device history certificate, and generates a proposal information certificate as shown in FIG.
- the portal server 200c transmits the generated proposal information certificate to the manufacturer server 100c.
- the manufacturer server 100c verifies the received proposal information certificate. If the verification of the proposal information certificate fails, the manufacturer server 100c notifies the portal server 200c of an error.
- The maker server 100c searches the history DB 105 for the device history certificate included in the proposal information certificate. It then looks up the user ID corresponding to the temporary identifier included in the retrieved device history certificate, thereby identifying the user ID to which the proposal information should be provided.
- the manufacturer server 100c provides proposal information to the specified user ID.
- The manufacturer server 100c notifies the user terminal 500 that device control information is present and, on receiving an OK notification from the user terminal 500, transmits the control information. If the proposal information does not include control information of the device 400, the proposal information is transmitted to the user terminal 500.
- The maker server 100c, the portal server 200c, the service provider server 300c, etc. can provide service proposal information to the user using the device history of the user and the service history of a user who is the same as or similar to that user.
- The maker server 100c, the service provider server 300c, and the like provide the portal server 200c only with user information anonymized to such an extent that the user cannot be identified while service proposal information can still be created. That is, the manufacturer server 100c, the service provider server 300c, and the like do not provide personal information of the user to the portal server 200c. In this way, it is possible to realize an information management method and an information management system that can generate proposal information while protecting user privacy.
- The user only has to register personal information (user information) when registering with the manufacturer server 100c or the service provider server 300c. That is, the user can acquire the proposal information from the portal server 200c without providing personal information (user information) to the portal server 200c.
- Because a proposal information certificate is generated for the device history certificate provided by the maker server 100c, it is possible to verify whether the provided device history certificate has been falsified or whether the proposal information has been attached to the device history information of another user instead.
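The certificate chain from the sequence above, as an added Go example (not code from the patent): the maker signs the device history certificate, the portal signs that certificate together with the proposal, and the maker checks both before mapping the temporary identifier back to a user ID. Ed25519 is an assumed choice of signature scheme, the verification keys are taken as already validated through their public key certificates, and the identifiers and histories are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// DeviceHistoryCert: temporary identifier, anonymized user information and
// device history, bound together by the maker signature.
type DeviceHistoryCert struct {
	TempID, AnonInfo, DeviceHistory string
	MakerSig                        []byte
}

// ProposalCert binds one device history certificate to its proposal.
type ProposalCert struct {
	Device    DeviceHistoryCert
	Proposal  string
	PortalSig []byte
}

// HistoryDB is the maker's private table: temporary identifier -> issued record.
type HistoryDB map[string]Issued

type Issued struct {
	UserID string
	Cert   DeviceHistoryCert
}

func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signedBytes serializes the fields in declaration order; marshalling these
// plain structs cannot fail, so the error is dropped.
func signedBytes(v interface{}) []byte {
	b, _ := json.Marshal(v)
	return b
}

func IssueDeviceCert(key ed25519.PrivateKey, tempID, anon, history string) DeviceHistoryCert {
	c := DeviceHistoryCert{TempID: tempID, AnonInfo: anon, DeviceHistory: history}
	c.MakerSig = ed25519.Sign(key, signedBytes(c)) // signature field is empty while signing
	return c
}

func VerifyDeviceCert(pub ed25519.PublicKey, c DeviceHistoryCert) bool {
	sig := c.MakerSig
	c.MakerSig = nil // c is a copy; this restores the form that was signed
	return ed25519.Verify(pub, signedBytes(c), sig)
}

// IssueProposalCert signs the whole device history certificate, maker
// signature included, together with the proposal.
func IssueProposalCert(key ed25519.PrivateKey, dev DeviceHistoryCert, proposal string) ProposalCert {
	p := ProposalCert{Device: dev, Proposal: proposal}
	p.PortalSig = ed25519.Sign(key, signedBytes(p))
	return p
}

// ResolveUser is the maker-side check before a proposal reaches a user.
func ResolveUser(portalPub, makerPub ed25519.PublicKey, p ProposalCert, db HistoryDB) (string, error) {
	sig := p.PortalSig
	p.PortalSig = nil
	if !ed25519.Verify(portalPub, signedBytes(p), sig) {
		return "", errors.New("portal signature does not cover this certificate/proposal pair")
	}
	if !VerifyDeviceCert(makerPub, p.Device) {
		return "", errors.New("embedded device history certificate is not maker-signed")
	}
	rec, ok := db[p.Device.TempID]
	if !ok || !bytes.Equal(rec.Cert.MakerSig, p.Device.MakerSig) {
		return "", errors.New("device history certificate not found in history DB")
	}
	return rec.UserID, nil
}

func main() {
	makerPub, makerKey := NewKeyPair()
	portalPub, portalKey := NewKeyPair()
	// Constructed sample values; "tmp-a1" and "tmp-b2" are placeholder identifiers.
	c11 := IssueDeviceCert(makerKey, "tmp-a1", "30s/female", "2012.1.1 weight 55 kg")
	c12 := IssueDeviceCert(makerKey, "tmp-b2", "20s/male", "2011.12.30 weight 80 kg")
	db := HistoryDB{"tmp-a1": {"ID11", c11}, "tmp-b2": {"ID12", c12}}

	p := IssueProposalCert(portalKey, c11, "diet program for women in their 30s")
	user, err := ResolveUser(portalPub, makerPub, p, db)
	fmt.Println("honest certificate:", user, err)

	p.Device = c12 // proposal re-attached to another user's device history
	_, err = ResolveUser(portalPub, makerPub, p, db)
	fmt.Println("swapped certificate:", err)
}
```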
- In the above, the service history is described as information indicating a history of receiving a service related to fitness, but it is not limited to that.
- For example, the service history may indicate a history of receiving services related to the diet service B and the insurance service C.
- The service history is not limited to the above examples, and may be information indicating a history of receiving services related to health management including medical care, information indicating a history of receiving education services, or information indicating a history of receiving a traffic service.
- When the service history is information indicating a history of receiving an education service, the service history records, for example, history information indicating the date and time at which a distance learning service was received and the content of that service.
- a service provider that provides a correspondence education service transmits to the portal server 200c a service history in which history information indicating the date and content of the same or similar user who received the correspondence education service is recorded.
- The manufacturer server 100c transmits to the portal server 200c the device history, in which a viewing history indicating, for example, the content of the television programs viewed by the user is recorded, together with the generated first anonymized user information.
- the portal server 200c can provide the user with proposal information for proposing an education service related to an event that the user is interested in based on the received service history, device history, and the like.
- FIG. 13 is a diagram illustrating an example of the overall configuration of the information management system according to the second embodiment.
- the information management system 11 includes a maker server 100, a portal server 200, a service provider server 300, a device 400, and a user terminal 500. Note that components having functions similar to those of the first embodiment are denoted by the same reference numerals and description thereof is omitted.
- FIG. 14 is a block diagram illustrating an example of the configuration of the manufacturer server 100 according to the second embodiment. The manufacturer server 100 shown in FIG. 14 includes a history DB control unit 101A, a temporary identifier generation unit 102, a certificate generation unit 103A, a certificate verification unit 104, a history DB 105, a device control instruction unit 106, a device control information DB 107, and a communication unit 108. The manufacturer server 100 differs from the manufacturer server 100c of the first embodiment in that the anonymization unit 121 is not provided.
- The history DB control unit 101A controls the history DB 105 to manage the user's personal information (user information), the device history (device history information) indicating the operation history of the device 400 used by the user, the temporary identifier corresponding to the user's personal information (user information) and the device history, and the device history certificate.
- When providing the device history information to the portal server 200, the history DB control unit 101A requests the temporary identifier generation unit 102 to generate a temporary identifier corresponding to the user ID. Further, for example, when the history DB control unit 101A receives a user ID and a temporary identifier from the temporary identifier generation unit 102, it associates the user ID with the temporary identifier in the history DB 105 and requests the certificate generation unit 103A to generate a signature that associates the temporary identifier with the device history. The history DB control unit 101A manages the device history certificate received from the certificate generation unit 103A in association with the corresponding user ID and temporary identifier.
- The history DB control unit 101A receives the proposal information indicating the service proposal for the user after the certificate verification unit 104 has successfully verified the proposal information certificate and, based on the proposal information, requests device control from the device control instruction unit 106.
- When the history DB control unit 101A receives the device control information from the device control instruction unit 106, it provides the device control information to the corresponding user based on the user ID.
- the temporary identifier generation unit 102 generates a temporary identifier corresponding to the user ID.
- When a request is received from the history DB control unit 101A, a temporary identifier is generated from the user ID.
- the method for generating the temporary identifier is as described in the first embodiment, and thus the description thereof is omitted.
- the certificate generation unit 103A generates a device history certificate when receiving the temporary identifier and the device history from the history DB control unit 101A.
- FIG. 15 shows an example of the configuration of the device history certificate according to the second embodiment.
- The device history certificate is a certificate in which the temporary identifier and the device history are associated with each other and to which a signature (manufacturer signature), generated over them with a signature generation key (not shown) held in the certificate generation unit 103A, is attached.
- The certificate generation unit 103A transmits the device history certificate and a public key certificate (not shown) including a signature verification key corresponding to the signature generation key.
- the public key certificate is a signature verification key signed by a certificate issuing center (not described in the overall configuration).
- a signature may be generated for a hash value obtained by combining the temporary identifier and the device history.
- The certificate verification unit 104 receives the proposal information certificate and the public key certificate including the signature verification key from the portal server 200 via the communication unit 108, and verifies the signature. Since the signature verification of the proposal information certificate is as described in the first embodiment, the description thereof is omitted. If the proposal information certificate is correct, the certificate verification unit 104 transmits a temporary identifier and proposal information to the history DB control unit 101A.
- the history DB 105 stores a personal information DB, a device history DB, a temporary identifier, and a device history certificate.
- the personal information DB stores user information including information such as name and address, which is basic user profile data, as attribute information.
- FIG. 16 is a diagram showing an example of the configuration of the personal information DB according to the second embodiment.
- the user information includes the user's name, address, date of birth, sex, and hobby as items (attribute information items). These items may be set in the system in various ways.
- As the attribute information of the user information of ID11, name: Miki Yamada, address: 3-10, Fukushima-ku, Osaka City, date of birth: October 5, 1980, gender: female, and hobby: aerobics are registered.
- As the attribute information of the user information of ID12, name: Jiro Sato, address: 1-19, Minato-ku, Tokyo, date of birth: March 3, 1990, gender: male, and hobby: reading are registered.
- the attribute information included in the user information is attribute information input by the user when the user first registers with the manufacturer server 100.
- The device history DB stores the operation history of the device 400, such as a home appliance owned by the user (for example, a TV channel operation history), and the history of the user's use of the device 400 (for example, a history of the user's weight measured with a body composition meter).
- FIG. 17 is a diagram showing an example of an ID list of the device history DB according to the second embodiment.
- the device 400 is, for example, a body composition meter, a TV, and an activity meter, and the device history of the body composition meter is stored in the database of IDA1, and the device history of TV is stored in the database of IDA2. This shows that the device history of the activity meter is stored in the database of IDA3.
- FIG. 18 is a diagram illustrating an example of data recorded in the home appliance history DB according to the second embodiment.
- each home appliance history DB is configured for each type of home appliance (device 400), and the device history (home appliance history information) is recorded for each user ID.
- In the database of IDA1, that is, the DB of the body composition meter, “2012.1.1, body weight 55 kg, body fat percentage 18%, 2012.1.3, weight 56 kg, body fat percentage 19%” is recorded as the home appliance history information for user ID ID11. This shows that the body weight was 55 kilograms and the body fat percentage was 18% when measured on 2012.1.1, and that the body weight was 56 kilograms and the body fat percentage was 19% on 2012.1.3.
- For user ID ID12, “2011.12.30 weight 80 kg, body fat percentage 22%, 2012.1.3 weight 82 kg, body fat percentage 22%” is recorded.
- the home appliance history information (device history of the device 400) as described above is uploaded regularly or irregularly from the home appliance registered by the user to the manufacturer server.
- Upon receiving a request for device control from the history DB control unit 101A, the device control instruction unit 106 searches the device control information DB 107 for device control information of the corresponding home appliance (device 400), and transmits the device control information to the history DB control unit 101A. Note that the device control information is the same as that described in the first embodiment, and a description thereof will be omitted.
- the device control information DB 107 stores device control information of the device 400.
- the communication unit 108A communicates with the portal server 200, the device 400, and the user terminal 500.
- A certificate necessary for SSL (Secure Socket Layer) communication is stored in the communication unit 108.
- the maker server 100 stores the device history indicating the operation history of the device 400 used by the user and the user information including attribute information that can identify the user.
- the manufacturer server 100 generates a temporary identifier corresponding to the stored user information, and transmits the stored device history and the generated temporary identifier to the portal server 200.
- FIG. 19 is a block diagram illustrating an example of the configuration of the portal server 200 according to the second embodiment.
- the portal server 200 includes a proposal information generation unit 201A, a proposal information DB 202, a certificate generation unit 203A, a certificate verification unit 204A, and a communication unit 205.
- the portal server 200 is different in configuration from the maker server 100c of the first embodiment in that there is no anonymization rule generation unit 211.
- The proposal information generation unit 201A generates proposal information for the user based on the device history included in the device history certificate received from the manufacturer server 100, the service history included in the service history certificate received from the service provider server 300, and the proposal information stored in the proposal information DB 202. Details of the proposal information generation method will be described later.
- the proposal information generation unit 201A stores the generated proposal information in the proposal information DB.
- the proposal information generation unit 201A requests the certificate generation unit 203A to generate a proposal information certificate from the device history certificate and the proposal information.
- the proposal information certificate is transmitted to the manufacturer server 100.
- The proposal information DB 202 stores proposal information proposed to the user.
- FIG. 20 is a diagram illustrating an example of the configuration of the proposal information DB 202.
- The stored proposal information includes items of a genre of proposal information and a service information DB. More specifically, for the diet genre, the diet proposal service information DB is stored in the database of IDS1. For the recommended-program genre, the proposal service information DB is stored in the database of IDA2.
- FIG. 21 is a diagram showing an example of data recorded in the proposed service information DB.
- the proposal service history DB is configured for each type of proposal information, and the proposal information is recorded for each ID of the proposal service information.
- As the proposal information of IDS1, a diet program for men in their 30s and a diet program for women in their 30s are stored as diet proposal information.
- As the diet program for women in their 30s, for example, programs such as a running machine for 30 minutes and an exercise bike for 30 minutes are stored.
- Recommended programs for animation fans, recommended programs for sports fans, and the like are stored as recommended-program proposal information.
- FIG. 22 shows an example of the configuration of the proposal information certificate according to the second embodiment.
- The proposal information certificate shown in FIG. 22 is a certificate in which the device history certificate and the proposal information are associated with each other and to which a signature (portal server signature), generated with a signature generation key (not shown) held in the certificate generation unit 203A, is attached.
- the certificate generation unit 203A transmits a proposal information certificate and a public key certificate (not shown) including a signature verification key corresponding to the signature generation key.
- the public key certificate is obtained by signing a signature verification key by a certificate issuing center (not described in the overall configuration).
- the signature generation may be performed for a hash value of a value obtained by combining the device history certificate and the proposal information.
- Upon receipt of the device history certificate and the public key certificate including the signature verification key from the manufacturer server 100 via the communication unit 205, the certificate verification unit 204A verifies the signature. In the signature verification of the device history certificate, it is verified whether the manufacturer server signature is correct with respect to the temporary identifier and the device history included in the device history certificate. If the manufacturer server signature is correct, the temporary identifier and the device history are transmitted to the proposal information generation unit 201.
- the communication unit 205A communicates with the manufacturer server 100 and the service provider server 300. SSL communication is performed in communication with the manufacturer server 100 and the service provider server 300. A certificate necessary for SSL communication is stored in the communication unit 205.
- The proposal information generation unit 201A generates proposal information based on the temporary identifier and device history received from the manufacturer server 100, and the temporary identifier and service information received from the service provider.
- The following describes the case of generating a diet program as proposal information.
- The proposal information generation unit 201A acquires the temporary identifier included in the device history certificate received from the maker server 100 and can acquire, from the device history, information such as the age and body composition of the user who uses the device 400, which is a body composition meter.
- The proposal information generation unit 201A acquires a service history indicating a history of services enjoyed by the user from the service provider server 300.
- the service provider server 300 is owned by the fitness club
- the proposal information generation unit 201A acquires a service program provided by the fitness club from the service provider server 300 as a service history together with the temporary identifier.
- the proposal information generation unit 201A refers to the service history of users of the same age as the user to whom the proposal information should be provided, based on the temporary identifier acquired from the service provider server 300, and determines the proposal information for the user corresponding to the temporary identifier.
- the proposal information generation unit 201 selects users in their 30s from among the users corresponding to the temporary identifiers received from the service provider server 300.
- the service provided for women in their 30s is searched by referring to the service history associated with the woman.
- the proposal information generation unit 201 determines the diet program obtained as a search result as proposal information for the user corresponding to the temporary identifier received from the manufacturer server 100.
- the time to apply the load to the power-assisted bicycle is determined and provided as proposal information so that the same load is applied as when the diet program is executed on an exercise bike.
- the proposal information at this time is, for example, that a load is applied for 60 minutes with an electrically assisted bicycle.
- the proposal information generation unit 201 can generate a diet program for women in their 30s as proposal information.
- the portal server 200 can provide the user with control information from the maker server 100 to the electrically assisted bicycle by providing this proposal information to the maker server 100.
- the portal server 200 receives the device history and the temporary identifier from the manufacturer server 100 via the network. Further, the portal server 200 receives a service history and a temporary identifier from the service provider server 300 via the network. Then, the portal server 200 generates proposal information indicating a service proposal for the user based on the user information associated with the temporary identifier, the device history, and the service history, and transmits the generated proposal information to the user via the manufacturer server 100.
- FIG. 23 is a block diagram illustrating an exemplary configuration of the service provider server 300 according to the second embodiment.
- the service provider server 300 includes a history DB control unit 301A, a temporary identifier generation unit 302, a history DB 303, and a communication unit 304A.
- the service provider server 300 is different from the service provider server 300c of the first embodiment in that the anonymization unit 321 is not provided.
- the history DB control unit 301A controls the history DB 303 and manages the user's personal information (user information), the service history indicating the history of services enjoyed by the user, and the temporary identifiers corresponding to the user's personal information (user information) and the service history.
- the history DB control unit 301A requests the temporary identifier generation unit 302 to generate a temporary identifier corresponding to the user ID when providing service history information to the portal server 200. Further, for example, when the history DB control unit 301A receives a user ID and a temporary identifier from the temporary identifier generation unit 302, the history DB control unit 301A associates the user ID with the temporary identifier in the history DB 303, and manages the temporary identifier and the service history in association with each other. The history DB control unit 301A transmits a temporary identifier and a service history to the portal server 200 as service history information.
- FIG. 24 is a diagram illustrating an example of a configuration of service history information according to the second embodiment.
- the temporary identifier generation unit 302 generates a temporary identifier corresponding to the user ID. For example, when receiving a request from the history DB control unit 301, the temporary identifier generation unit 302 generates a temporary identifier from the user ID.
- the method for generating a temporary identifier is as described in the first embodiment, and thus the description thereof is omitted.
- the history DB 303 stores a personal information DB, a service history DB, and a temporary identifier.
- the personal information DB stores user information including information such as name and address, which is basic user profile data, as attribute information.
- FIG. 25 is a diagram illustrating an example of a configuration of a personal information DB according to the present disclosure.
- the user information includes the user's name, address, date of birth, sex, and hobby as items (attribute information items). These items may be set in the system in various ways.
- as the attribute information of the user information of ID21, name: Miki Yamada, address: 3-10, Fukushima-ku, Osaka City, date of birth: October 5, 1980, gender: female, hobby: aerobics are registered.
- as the attribute information of the user information of ID22, name: Goro Kato, address: 1-19, Chuo-ku, Chiba City, date of birth: June 1, 1975, gender: male, hobby: marathon are registered.
- the attribute information (common attribute information item) included in the user information is attribute information input by the user when the user first registers with the service provider server 300.
- FIG. 26 is a diagram illustrating an example of data recorded in the service information DB.
- the service history DB stores the service history for each ID as the history information of the proposed service. For example, in the history information of the service provided by ID21, “2011.12.28, 2 sets of aero not to run, run 30 minutes, advice, 2012.1.3, 1 set of advanced aero, motorcycle 30 minutes” is recorded. This indicates that in 2011.12.28, two sets of non-running aero, training for 30 minutes were received, and further advice on training was received. Similarly, in the history information of the provision service of ID22, 2012.1.3 shows that one set of advanced aero, training for 30 minutes was received.
- the communication unit 304A communicates with the portal server 200.
- the communication unit 304A performs SSL (Secure Socket Layer) communication in communication with the portal server 200c.
- a certificate necessary for SSL communication is stored in the communication unit 304A.
- the service provider server 300 stores the service history indicating the history of services enjoyed by the user and the user information that can identify the user.
- the service provider server 300 generates a temporary identifier corresponding to the stored user information, and transmits the stored service history and the generated temporary identifier to the portal server 200.
- the process in which a user registers with the service provider server 300 using a user terminal is the same as the process of (1), so its description is omitted.
- the process of registering the user service history in the service provider server 300 differs depending on the service provider. That is, the user may register the service history, or may register the service history provided on the service provider side.
- FIG. 27 is a sequence diagram when the user registers in the manufacturer server 100 using the user terminal 500.
- SSL authentication is performed between the manufacturer server 100 and the user terminal 500 to establish an encrypted communication path.
- SSL authentication and SSL communication path will not be described in detail here.
- the user terminal 500 transmits the user ID to the manufacturer server 100. If the transmitted user ID is already registered, the manufacturer server 100 notifies the user terminal 500 to that effect, and ends the registration process. On the other hand, if the transmitted user ID is unregistered, the fact that new registration is possible is transmitted to the user terminal 500.
- the user inputs a password (hereinafter referred to as PW) and personal information through the user terminal 500 according to a predetermined format.
- PW a password
- these pieces of information are recorded in the personal information DB included in the history DB 105 in the manufacturer server 100 as described above.
- the PW is used when the user connects to the manufacturer server 100 from the next time.
- the manufacturer server 100 records the input PW in, for example, the communication unit 108 that communicates with the user terminal 500 in FIG. 14, compares the recorded user ID and PW with the user ID and PW input by the user, and allows the connection when they match.
- FIG. 28 is a sequence diagram when the user registers his/her home appliance 400 using the user terminal 500.
- the user performs, for example, registration processing by starting a maker application (not shown) in the user terminal 500.
- the user may register by connecting to the manufacturer server 100 using the user terminal 500.
- SSL authentication is performed between the manufacturer server 100 and the user terminal 500 to establish an encrypted communication path.
- the user inputs the PW set at the time of initial registration.
- the maker server 100 compares the input PW with the PW recorded in correspondence with the user ID, and determines that the authentication is successful if they match. In the case of authentication failure, the user is notified of the authentication failure.
- the user inputs the device ID to be registered from the home appliance registration menu of the application to the user terminal 500 and transmits it from the user terminal 500.
- the device ID is an ID for identifying the device 400.
- the device ID may be printed on the casing of the device 400 or a bundled printed material. In this case, the user inputs the device ID being printed.
- the user terminal 500 may acquire the device ID from the device 400. In this case, for example, the device ID may be acquired by communicating between the user terminal 500 and the device 400 and transmitted from the user terminal 500 to the manufacturer server 100.
- the manufacturer server 100 registers the device ID in association with the user ID.
- FIG. 29 is a sequence diagram when the device 400 uploads device history information. Uploads are performed regularly or irregularly.
- the device 400 uploads the accumulated device history to the manufacturer server 100 together with the device ID.
- the manufacturer server 100 receives the device ID and the device history, searches the device history DB corresponding to the device ID using the device ID, and records the received device history in the corresponding user ID area.
- FIGS. 30 to 32 are sequence diagrams for when proposal information is provided to a user from the portal server 200 according to Embodiment 2.
- the provision of the proposal information is performed regularly or irregularly.
- SSL authentication is performed between the manufacturer server 100 and the portal server 200 to establish an encrypted communication path.
- the manufacturer server 100 selects a user to whom a service is to be provided, and generates a temporary identifier from the user ID.
- the manufacturer server 100 generates a signature for the temporary identifier and the device history, and generates a device history certificate.
- the manufacturer server 100 transmits the generated device history certificate and public key certificate to the portal server 200.
- the portal server 200 receives the device history certificate and the public key certificate from the manufacturer server 100, and verifies these certificates. When the verification of the certificate fails, an error is notified to the manufacturer server 100.
- the portal server 200 performs SSL authentication with the service provider server 300 and establishes an encrypted communication path.
- the portal server 200 transmits a service history acquisition request related to the device history information to the service provider server 300.
- upon receiving the service information acquisition request from the portal server 200, the service provider server 300 generates a temporary identifier from the user ID and transmits the temporary identifier and the service history to the portal server 200.
- upon receiving the service history from the service provider server 300, the portal server 200 generates proposal information based on the device history and the service history.
- the portal server 200 generates a signature for the generated proposal information and the device history certificate, and generates a proposal information certificate.
- the portal server 200 transmits the generated proposal information certificate to the manufacturer server 100.
- the manufacturer server 100 verifies the received proposal information certificate. If verification of the proposal information certificate fails, an error is notified to the portal server 200.
- the manufacturer server 100 searches for the device history certificate in the history DB from the device history certificate included in the proposal information certificate. Further, the maker server 100 searches for a user ID corresponding to the temporary identifier included in the searched device history certificate, and specifies a user ID that should provide proposal information.
- the manufacturer server 100 provides proposal information to the specified user ID.
- when the proposal information includes control information of the device 400, the user terminal 500 is notified that the control information is included in the proposal information, and when a notification of OK is received from the user terminal 500, the control information is transmitted.
- when the proposal information does not include the control information of the device 400, the above notification is not performed and the proposal information is transmitted to the user terminal 500.
- the manufacturer server 100, the portal server 200, and the service provider server 300 can be linked by using the temporary identifier.
- Service proposal information can be provided.
- because the device history is provided using a temporary identifier, without providing personal information to the portal server 200 that cooperates with the manufacturer server 100, the portal server 200 can generate proposal information while protecting the privacy of the user. Further, because a proposal information certificate is generated for the device history certificate provided by the maker server 100, the manufacturer server 100 can verify whether the provided device history certificate has been falsified or whether the proposal information has been replaced with proposal information for the device history information of another user. Further, the user can receive proposal information from the portal server 200 in cooperation with the service provider server 300 without registering personal information anywhere other than the manufacturer server 100.
- the user registers personal information only when registering with the manufacturer server 100 and does not need to register for each service.
- the maker server 100 provides the portal server 200 with a temporary identifier together with the device history, but the temporary identifier cannot be associated with a specific user by any party other than the maker server 100 (that is, the user cannot be specified); consideration of this point has also been realized. Further, the manufacturer server 100 manages user information and a temporary identifier in association with each other and, by adding a signature to the temporary identifier and providing it to the portal server, can verify that the proposal information is suitable for the user.
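
The Embodiment 2 exchange described above (device history certificate, proposal information certificate over a hash of the combined certificate and proposal, verification and temporary-identifier lookup at the manufacturer server), as an added Go example that is not part of the patent text. Ed25519, SHA-256, the random temporary identifier and every type and function name are assumptions; the public key certificates issued by the certificate issuing center are not modeled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// DeviceHistoryCert: temporary identifier and device history under the manufacturer signature.
type DeviceHistoryCert struct {
	TempID, History string
	Sig             []byte
}

// ProposalCert: device history certificate and proposal information under the portal signature.
type ProposalCert struct {
	Device   DeviceHistoryCert
	Proposal string
	Sig      []byte
}

// digest hashes each field behind a length prefix, so field boundaries cannot be shifted.
func digest(fields ...[]byte) []byte {
	h := sha256.New()
	for _, f := range fields {
		fmt.Fprintf(h, "%d:", len(f))
		h.Write(f)
	}
	return h.Sum(nil)
}

func deviceDigest(c DeviceHistoryCert) []byte { return digest([]byte(c.TempID), []byte(c.History)) }

func proposalDigest(c DeviceHistoryCert, proposal string) []byte {
	return digest(deviceDigest(c), c.Sig, []byte(proposal)) // whole embedded certificate is covered
}

type Party struct {
	Pub  ed25519.PublicKey // assumed to reach the peer out of band (no public key certificate here)
	priv ed25519.PrivateKey
}

func NewParty() Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Party{Pub: pub, priv: priv}
}

type Manufacturer struct {
	Party
	users map[string]string // temporary identifier -> user ID, held by the manufacturer only
}

func NewManufacturer() *Manufacturer { return &Manufacturer{NewParty(), map[string]string{}} }

// Issue draws a random temporary identifier (assumed method) and signs it with the device history.
func (m *Manufacturer) Issue(userID, history string) DeviceHistoryCert {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	c := DeviceHistoryCert{TempID: fmt.Sprintf("%x", raw), History: history}
	c.Sig = ed25519.Sign(m.priv, deviceDigest(c))
	m.users[c.TempID] = userID
	return c
}

// Propose is the portal side: check the manufacturer signature, then sign certificate + proposal.
func Propose(portal Party, c DeviceHistoryCert, makerPub ed25519.PublicKey, proposal string) (ProposalCert, error) {
	if !ed25519.Verify(makerPub, deviceDigest(c), c.Sig) {
		return ProposalCert{}, errors.New("device history certificate: bad manufacturer signature")
	}
	sig := ed25519.Sign(portal.priv, proposalDigest(c, proposal))
	return ProposalCert{Device: c, Proposal: proposal, Sig: sig}, nil
}

// Resolve is the manufacturer side: check both signatures, then map the identifier back to a user.
func (m *Manufacturer) Resolve(pc ProposalCert, portalPub ed25519.PublicKey) (string, error) {
	if !ed25519.Verify(portalPub, proposalDigest(pc.Device, pc.Proposal), pc.Sig) ||
		!ed25519.Verify(m.Pub, deviceDigest(pc.Device), pc.Device.Sig) {
		return "", errors.New("signature check failed: certificate altered or re-bound")
	}
	userID, ok := m.users[pc.Device.TempID]
	if !ok {
		return "", errors.New("unknown temporary identifier")
	}
	return userID, nil
}

func main() {
	maker, portal := NewManufacturer(), NewParty()
	pc, _ := Propose(portal, maker.Issue("ID21", "constructed log A"), maker.Pub, "load for 60 minutes")
	fmt.Println(maker.Resolve(pc, portal.Pub)) // honest flow
	pc.Device = maker.Issue("ID22", "constructed log B")
	fmt.Println(maker.Resolve(pc, portal.Pub)) // proposal re-bound to another user's certificate
}
```

The portal only ever handles the temporary identifier; the user ID appears again only inside `Resolve` on the manufacturer side.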
- a case will be described in which the proposal information is provided from the portal server by associating the user's device history and the service history with the permission of the user.
- FIG. 33 is a diagram illustrating an example of the overall configuration of the information management system according to the third embodiment.
- the information management system 12 includes a maker server 100b, a portal server 200b, a service provider server 300b, a device 400, and a user terminal 500. Note that components having the same functions as those in the first and second embodiments are denoted by the same reference numerals and description thereof is omitted.
- FIG. 34 is a block diagram illustrating an example of a configuration of the manufacturer server 100b according to the third embodiment.
- the manufacturer server 100b shown in FIG. 34 includes a history DB control unit 101B, a temporary identifier generation unit 102, a certificate generation unit 103B, a certificate verification unit 104, a history DB 105, a device control instruction unit 106, a device control information DB 107, and a communication unit 108A.
- an encryption processing unit 111 is included in addition to the configuration of the manufacturer server 100 of the second embodiment.
- in addition to the function of the history DB control unit 101A of the first embodiment, the history DB control unit 101B has a function of inquiring of the user, via the user terminal 500, whether the device history with personal information may be provided to the service provider server 300b.
- the history DB control unit 101B updates the personal information DB in the history DB 105 when receiving, from the user terminal 500, whether the device history with personal information may be provided.
- the personal information corresponds to the user information in the first and second embodiments.
- FIG. 35 is a diagram showing an example of the configuration of the personal information DB according to the third embodiment.
- the personal information DB stores user personal information and a service provider ID that can provide a device history with personal information.
- the history DB control unit 101B provides a device history when acquiring proposal information from the portal server 200b. More specifically, when the user who provides the proposal information can provide the device history with personal information, the history DB control unit 101B can provide the personal information corresponding to the user ID together with the service provider ID.
- the encryption processing unit 111 is requested to encrypt the information.
- when the history DB control unit 101B receives the encrypted personal information from the encryption processing unit 111, the history DB control unit 101B requests the certificate generation unit 103 to generate a signature that associates the temporary identifier, the service provider ID, the encrypted personal information, and the device history. When the device history certificate is received from the certificate generation unit 103, the received device history certificate is transmitted to the portal server 200b.
- the certificate generation unit 103B generates a device history certificate when receiving a temporary identifier, a service provider ID, encrypted personal information, and a device history from the history DB control unit 101B.
- FIG. 36 shows an example of the configuration of the device history certificate according to the third embodiment.
- the device history certificate shown in FIG. 36 is a certificate in which the temporary identifier, service provider ID, encrypted personal information, and device history are associated with each other and then given a signature (manufacturer signature) generated with a signature generation key (not shown) held in the certificate generation unit 103B.
- the device history certificate and a public key certificate (not shown) including a signature verification key corresponding to the signature generation key are transmitted.
- a public key certificate is a signature verification key signed by a certificate issuing center (not described in the overall configuration).
- the encryption processing unit 111 holds the public key of the service provider, receives the encryption processing request and the service provider ID from the history DB control unit 101B, encrypts the personal information with the public key corresponding to the service provider ID, The encrypted personal information is transmitted to the history DB control unit 101B.
- the portal server 200b has the same configuration as the portal server 200 of the second embodiment. That is, the portal server 200b includes a proposal information generation unit 201B, a proposal information DB 202, a certificate generation unit 203B, a certificate verification unit 204A, and a communication unit 205.
- the proposal information generation unit 201B generates proposal information for the user based on the device history included in the device history certificate received from the manufacturer server 100b, the service history included in the service history certificate received from the service provider server 300b, and the proposal information stored in the proposal information DB 202. More specifically, when receiving the device history certificate from the maker server 100b, the proposal information generation unit 201B sends a service history certificate acquisition request to the corresponding service provider based on the service provider ID. When the service history certificate is received from the service provider server 300b, proposal information is generated using the device history included in the device history certificate and the service history included in the service history certificate. In the present embodiment, the user corresponding to the device history certificate and the user corresponding to the service history certificate are the same.
- the proposal information generation unit 201B acquires the temporary identifier in the user's device history certificate received from the manufacturer server 100b and, from the device history, can acquire information such as the age and body composition of the user who has used the device 400, which is a body composition meter.
- the proposal information generation unit 201B acquires a service history indicating a history of services enjoyed by the user from the service provider server 300b.
- the service provider server 300b is owned by the fitness club, and the proposal information generation unit 201B acquires the service program provided to the user at the fitness club from the service provider server 300b as a service history together with the temporary identifier.
- the proposal information generation unit 201B refers to the service history of users of the same age as the user, acquired from the service provider server 300b, and generates proposal information based on the service history of other users who have succeeded in dieting.
- the proposal information for the user includes, for example, a menu at a fitness club, an exercise menu at home, and a cooking recipe for dieting.
- the certificate generation unit 203B generates a proposal information certificate including a service history certificate in addition to the proposal information and the device history certificate.
- FIG. 37 shows an example of the configuration of the proposal information certificate according to the third embodiment.
- the proposal information certificate shown in FIG. 37 is a certificate in which the device history certificate, service history certificate, and proposal information are associated with each other and then given a signature (portal server signature) generated with a signature generation key (not shown) held in the certificate generation unit 203B.
- after generating the proposal information certificate, the certificate generation unit 203B transmits a proposal information certificate and a public key certificate (not shown) including a signature verification key corresponding to the signature generation key.
- the public key certificate is obtained by signing a signature verification key by a certificate issuing center (not described in the overall configuration).
- the signature generation may be performed for a hash value of a value obtained by combining the device history certificate and the proposal information.
- FIG. 38 is a block diagram illustrating an example of the configuration of the service provider server 300b according to Embodiment 3.
- the service provider server 300b includes a history DB control unit 301B, a temporary identifier generation unit 302, a history DB 303, a communication unit 304A, an encryption processing unit 311, a certificate verification unit 312 and a certificate generation unit 313.
- the component which has the function similar to FIG. 7 and FIG. 23 attaches
- the service provider server 300b includes a configuration of an encryption processing unit 311, a certificate verification unit 312 and a certificate generation unit 313, and a history DB control unit 301B.
- the configuration of is different.
- the service provider server 300b differs from the service provider server 300c of the first embodiment in the configuration of the history DB control unit 301B.
- the history DB control unit 301B transmits the device history certificate received from the portal server 200b to the encryption processing unit 311.
- the history DB control unit 301B transmits it to the certificate verification unit 312.
- the certificate verification unit 312 successfully verifies the certificate
- the history DB control unit 301B identifies, from the personal information DB of the history DB 303, a user who matches the decrypted personal information.
- the history DB control unit 301B requests the certificate generation unit 313 to generate a service history certificate for the temporary identifier, the device history certificate, and the service history.
- FIG. 39 is a diagram illustrating an example of the configuration of the service history certificate according to the third embodiment.
- the operation of the information management system 12 includes the following.
- FIG. 40 is a sequence showing user registration processing according to the third embodiment.
- SSL authentication is performed between the manufacturer server 100b and the user terminal 500 to establish an encrypted communication path.
- the SSL authentication and SSL communication path will not be described in detail here.
- the user terminal 500 transmits the user ID to the manufacturer server 100b. If the transmitted user ID is already registered, the maker server 100b notifies the user terminal 500 to that effect and ends the registration process. On the other hand, if the transmitted user ID is unregistered, the fact that new registration is possible is transmitted to the user terminal 500.
- the user inputs a password (PW) and personal information according to a predetermined format via the user terminal 500.
- PW password
- the manufacturer server 100b presents a list of service providers that can provide personal information to the user.
- the user selects a service provider that may provide personal information via the user terminal 500.
- the personal information of the user and the selected service provider are recorded in the personal information DB included in the history DB 105 of the manufacturer server 100b.
- FIGS. 41 to 44 are sequence diagrams of the proposal information providing process according to the third embodiment.
- the provision of the proposal information is performed regularly or irregularly.
- SSL authentication is performed between the manufacturer server 100b and the portal server 200b to establish an encrypted communication path.
- the manufacturer server 100b selects a user to whom a service is to be provided, and generates a temporary identifier from the user ID.
- the manufacturer server 100b encrypts the personal information with the service provider's encryption key if the user permits the service provider to provide the personal information.
- the manufacturer server 100b generates a signature for the temporary identifier, the encrypted personal information, and the device history, and generates a device history certificate.
- the device history certificate and the public key certificate are transmitted from the maker server 100b to the portal server 200b.
- the portal server 200b receives the device history certificate and the public key certificate from the manufacturer server 100b, and verifies the device history certificate.
- when verification of the device history certificate fails, an error is notified to the maker server 100b.
- the portal server 200b performs SSL authentication with the service provider server 300b corresponding to the service provider ID described in the device history certificate, and establishes an encrypted communication path.
- the portal server 200b transmits a service history certificate acquisition request related to the device history certificate together with the device history certificate and the public key certificate to the service provider server 300b.
- the service provider server 300b receives the device history certificate and the public key certificate from the portal server 200b, and verifies the device history certificate. When verification of the device history certificate fails, an error is notified to the portal server 200b.
- the service provider server 300b decrypts the encrypted personal information of the device history certificate.
- a user that matches the personal information registered in the personal information DB is identified from the decrypted personal information.
- the service provider server 300b generates a temporary identifier from the user ID of the identified user.
- the service provider server 300b generates a signature for the identified temporary identifier, service history, and device history certificate of the user, and generates a service history certificate.
- the service provider server 300b transmits a service history certificate and a public key certificate to the portal server 200b.
- the portal server 200b receives the service history certificate and the public key certificate from the service provider server 300b, and verifies the service history certificate.
- when verification of the service history certificate fails, an error is notified to the service provider server 300b.
- when the verification of the service history certificate is successful, the portal server 200b generates proposal information based on the device history and the service history.
- the portal server 200b generates a signature for the generated proposal information and the device history certificate, and generates a proposal information certificate.
- the portal server 200b transmits the generated proposal information certificate to the manufacturer server.
- the manufacturer server 100b verifies the received proposal information certificate. If verification of the proposal information certificate fails, an error is notified to the portal server 200b.
- the manufacturer server 100b searches for the device history certificate in the history DB from the device history certificate included in the proposal information certificate. Then, the maker server 100b searches for a user ID corresponding to the temporary identifier included in the searched device history certificate, and specifies a user ID that provides proposal information.
- the manufacturer server 100b provides proposal information to the specified user ID.
- the proposal information includes the control information of the device 400
- the user terminal 500 is notified that the device control information is included in the proposal information, and when the user terminal 500 receives a notification of OK, the control is performed. Send information.
- the proposal information does not include the control information of the device 400
- the notification is not performed and the proposal information is transmitted to the user terminal 500.
- The manufacturer server 100b, the portal server 200b, and the service provider server 300 are linked to each other, so proposal information can be provided to the user.
- The manufacturer server 100b and the service provider server 300b can provide the portal server 200 with the device history and service history of the same user.
- The user information (personal information) for the device history is sent encrypted in a form that the service provider server 300b can decrypt, which realizes anonymity with respect to the portal server 200b. Further, the service provider server 300b can provide the portal server 200b with a service history for the decrypted personal information (user information), and the portal server 200b can generate proposal information from the device history and service history of the user.
- The portal server 200b can generate the proposal information while protecting the privacy of the user.
- The user registers personal information only when registering with the manufacturer server 100b or the service provider server 300b, and does not provide the personal information to the portal server 200b.
- The proposal information can be acquired from the portal server 200b based on the information that associates the device history with the service history.
- The present invention is not limited to this embodiment. Unless they deviate from the gist of the present invention, forms obtained by applying various modifications conceivable by those skilled in the art to the embodiment, and forms constructed by combining components of different embodiments, may also be included within the scope of one or more aspects of the present invention.
- The device history certificate is composed of a temporary identifier, a device history, and a manufacturer signature, but the present invention is not limited to this.
- An expiration date may also be included.
- FIG. 45 is a diagram illustrating an example of the configuration of a device history certificate including an expiration date.
- the proposal information is not suitable for the user. 45.
- Proposal information using an expired device history is not provided to the user, and proposal information using a new device history can be received for the user.
- The device history information is uploaded directly from the device 400 to the manufacturer server 100 or the like, but may be uploaded via the user terminal 500.
- The device 400 and the user terminal 500 may be connected via a local communication path or a short-range communication path such as NFC (Near Field Communication).
- The manufacturer server 100 generates a temporary identifier each time it provides a device history certificate to the portal server 200.
- The present invention is not limited to this. For example, the temporary identifier may be changed after a certain period of time, or may be changed when the number of times the device history certificate has been sent exceeds a predetermined threshold. Thereby, proposal information can be provided by combining a plurality of pieces of device history information.
- FIG. 46 is a diagram illustrating an example of a provision data list of device history information. That is, the manufacturer server 100 determines which period of the user's past device history is to be provided according to this provision data list. For example, when providing the device history of a body composition meter, as shown in FIG. 46, the manufacturer server 100 determines that the device history certificate includes one week of device history. FIG. 46 also shows that generating a device history certificate with the same temporary identifier is permitted up to twice. The history period and the allowable number of transmissions may be determined by the manufacturer server 100, or may be determined in response to a request from the user or the portal server 200. They may also be changeable after they have been determined.
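The provision data list and the rotation of the temporary identifier described above can be sketched as follows. This is an added example, not code from the patent; the class and field names, the random identifier and the 30-day validity window are assumptions.

```python
import secrets
from datetime import date, timedelta

# Constructed provision data list modelled on the FIG. 46 description above:
# one week of history per certificate, one temporary identifier used at most twice.
PROVISION_LIST = {"body_composition_meter": {"period_days": 7, "max_sends": 2}}


class TemporaryIdentifierIssuer:
    """Manufacturer-side state; the identifier-to-user table never leaves this server."""

    def __init__(self, provision_list, validity_days=30):
        self.provision_list = provision_list
        self.validity_days = validity_days   # assumed expiry window, not a value from the page
        self._live = {}    # (user_id, device_type) -> [temporary identifier, times sent]
        self._owner = {}   # temporary identifier -> user_id

    def _identifier_for(self, user_id, device_type):
        rule = self.provision_list[device_type]
        entry = self._live.get((user_id, device_type))
        if entry is None or entry[1] >= rule["max_sends"]:
            # Assumption: a random value, so the identifier reveals nothing about the user ID.
            entry = [secrets.token_hex(16), 0]
            self._live[(user_id, device_type)] = entry
            self._owner[entry[0]] = user_id
        entry[1] += 1
        return entry[0]

    def certificate_body(self, user_id, device_type, history, today):
        """Unsigned fields of a device history certificate for one transmission."""
        rule = self.provision_list[device_type]
        oldest = today - timedelta(days=rule["period_days"])
        return {
            "temporary_identifier": self._identifier_for(user_id, device_type),
            "device_history": [r for r in history if oldest < r["date"] <= today],
            "expires": today + timedelta(days=self.validity_days),
        }

    def resolve(self, temporary_identifier):
        """Map an identifier that came back in a proposal to its user ID, or None."""
        return self._owner.get(temporary_identifier)


def is_current(body, today):
    """True while the device history in this certificate body has not expired."""
    return today <= body["expires"]


def demo():
    today = date(2013, 9, 18)
    # Constructed history: one reading per day for the last 20 days.
    history = [{"date": today - timedelta(days=d), "weight_kg": 60.0 + d % 3}
               for d in range(20)]
    issuer = TemporaryIdentifierIssuer(PROVISION_LIST)
    bodies = [issuer.certificate_body("user-0001", "body_composition_meter", history, today)
              for _ in range(3)]
    return issuer, bodies, today


if __name__ == "__main__":
    issuer, bodies, today = demo()
    for body in bodies:
        print(body["temporary_identifier"], len(body["device_history"]), body["expires"])
```

The first two certificates share one identifier, so the portal can combine them; the third gets a fresh one, and retired identifiers stay resolvable on the manufacturer side so that a late proposal still reaches its user.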
- The portal server 200 or the like acquires the service history from the service provider server 300 or the like, but the present invention is not limited to this example.
- The manufacturer server 100 or the like may acquire the service history from the service provider server 300 or the like. Processing for providing proposal information from the portal server 200 or the like in that case is described below.
- FIGS. 47 to 49 are sequence diagrams of processing for providing proposal information from the portal server 200 to the user.
- SSL authentication is performed between the manufacturer server 100 and the service provider server 300 to establish an encrypted communication path.
- The manufacturer server 100 selects a user to whom a service is to be provided, and transmits to the service provider server 300 a request to acquire the service history related to a device owned by that user.
- When the service provider server 300 receives the service information acquisition request from the manufacturer server 100, it generates a temporary identifier from the user ID and transmits the temporary identifier and the service history to the manufacturer server 100.
- SSL authentication is performed between the manufacturer server 100 and the portal server 200 to establish an encrypted communication path.
- The manufacturer server 100 generates a temporary identifier from the user ID of the selected user.
- The manufacturer server 100 generates a signature for the temporary identifier and the device history, and generates a device history certificate.
- The manufacturer server 100 transmits the service history to the portal server 200 together with the generated device history certificate and public key certificate.
- The portal server 200 receives the device history certificate, the public key certificate, and the service history from the manufacturer server 100, and verifies the device history certificate.
- If verification of the device history certificate fails, an error is notified to the manufacturer server 100.
- The portal server 200 generates proposal information based on the device history and the service history.
- FIG. 50 is a diagram illustrating an example of the configuration of the proposal information certificate.
- The proposal information certificate shown in FIG. 50 is a certificate consisting of a device history certificate, a service history, and proposal information associated with one another, and a signature (portal server signature) generated with the signature generation key held in the certificate generation unit 203.
- The portal server 200 transmits the generated proposal information certificate to the manufacturer server 100.
- The manufacturer server 100 verifies the received proposal information certificate.
- If verification of the proposal information certificate fails, an error is notified to the portal server 200.
- The manufacturer server 100 searches the history DB for the device history certificate, using the device history certificate included in the proposal information certificate.
- The manufacturer server 100 looks up the user ID corresponding to the temporary identifier included in the retrieved device history certificate, and identifies the user ID to which the proposal information is to be provided.
- The manufacturer server 100 provides the proposal information to the identified user ID.
- When the proposal information includes control information for the device 400, the user terminal 500 is notified that device control information is included in the proposal information, and the control information is sent when a notification of OK is received. When the proposal information does not include control information for the device 400, the notification is not performed and the proposal information is transmitted to the user terminal 500.
- The manufacturer server 100 can acquire the proposal information from the user by providing the portal server 200 with only the service history related to the device history.
- The service information acquisition request is made from the portal server 200 to the service provider server 300 when the certificate verification process in S134 succeeds.
- The present invention is not limited to this example.
- Service information acquisition requests may be made from the portal server 200 to the service provider server 300 periodically or irregularly, and the service information may be accumulated in the portal server 200.
- The service history provided from the service provider server 300 is composed of a temporary identifier and a service history, but the present invention is not limited to this.
- A signature may be generated for the temporary identifier and the service history, and a service history certificate including the temporary identifier, the service history, and the signature may be used.
- The service provider server 300 may acquire, from the portal server 200, the proposal information based on the service history and the device history, and a proposal information certificate that includes the service history certificate.
- The service provider server 300 may include a certificate generation unit and a certificate verification unit. Thereby, not only the manufacturer server 100 but also the service provider server 300 can acquire the proposal information and provide it to the user.
- For the device history and the service history, all information stored in the history DB 105 is provided, but the present invention is not limited to this.
- Only the latest day or the latest single history entry may be provided, or the latest several days or several history entries.
- Device control information is provided from the portal server 200 or the like to the device 400.
- The portal server 200 or the like may generate a signature for the device control information, and the device 400 may verify it.
- FIG. 51 is a diagram illustrating an example of the overall configuration of the information management system 11A.
- The information management system 11A illustrated in FIG. 51 includes a manufacturer server 100a, a service provider server 300, a device 400, and a user terminal 500.
- The manufacturer server 100a may include a proposal information generation unit and a proposal information DB having functions similar to the proposal information generation unit 201 and the proposal information DB 202 of the portal server 200.
- For the device history, one user is selected and all the information stored in the history DB 105 is provided.
- The present invention is not limited to this.
- Device histories of a plurality of users may be provided.
- FIG. 52 is a diagram illustrating an example of the configuration of a device history certificate including device histories of a plurality of users.
- The manufacturer server 100 combines the per-user device history certificates, and further generates a signature over the device history certificates for the two users.
- The hash values of the device history certificates for the two users may be combined and the combined hash value may be signed.
- The hash values of temporary identifier 1, device history 1 and manufacturer signature 1 (or a hash value obtained by combining those hash values) and the hash values of temporary identifier 2, device history 2 and manufacturer signature 2 (or a hash value obtained by combining those hash values) are combined, and the combined hash value is signed.
- the manufacturer server 100 can detect the verification by verifying the proposal information.
- The device history certificate is generated from the device histories of a plurality of users.
- The present invention is not limited to this.
- The device history of a user to whom proposal information is not provided may be withheld from the portal server 200 by supplying it as a hash value.
- The device history 2 area may be replaced with the hash value of device history 2. Thereby, the portal server 200 cannot acquire device history 2.
- A signature can be generated without providing device history 2 to the portal server 200. The proposal information certificate can likewise be verified.
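The combined-hash signature with one user's history area replaced by its hash, as an added example that is not code from the patent. HMAC-SHA256 from the Python standard library stands in for the manufacturer's public-key signature, and the field names, the JSON canonicalization and the per-user signature over field hashes are assumptions.

```python
import hashlib
import hmac
import json

MAKER_KEY = b"constructed-demo-key"   # stand-in for the manufacturer's signature generation key


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def canon(obj) -> bytes:
    """Deterministic encoding so that every party hashes identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(digest: bytes) -> str:
    # Assumption: HMAC replaces the public-key signature to keep the demo stdlib-only.
    return hmac.new(MAKER_KEY, digest, hashlib.sha256).hexdigest()


def history_hash(entry) -> bytes:
    """Hash of the history area; a redacted entry already carries the hash itself."""
    if "device_history_hash" in entry:
        return bytes.fromhex(entry["device_history_hash"])
    return h(canon(entry["device_history"]))


def make_entry(temporary_identifier, device_history):
    """Per-user certificate, signed over field hashes so it stays checkable after redaction."""
    entry = {"temporary_identifier": temporary_identifier, "device_history": device_history}
    entry["maker_signature"] = sign(h(h(temporary_identifier.encode()) + history_hash(entry)))
    return entry


def verify_entry(entry) -> bool:
    expected = sign(h(h(entry["temporary_identifier"].encode()) + history_hash(entry)))
    return hmac.compare_digest(expected, entry["maker_signature"])


def entry_digest(entry) -> bytes:
    """Combine the hashes of identifier, history and manufacturer signature."""
    return h(h(entry["temporary_identifier"].encode())
             + history_hash(entry)
             + h(entry["maker_signature"].encode()))


def combine(entries):
    """Sign the combination of the per-user digests."""
    digest = h(b"".join(entry_digest(e) for e in entries))
    return {"entries": entries, "combined_signature": sign(digest)}


def redact(cert, index):
    """Replace one user's history area with its hash before the portal sees it."""
    entries = [dict(e) for e in cert["entries"]]
    target = entries[index]
    target["device_history_hash"] = h(canon(target.pop("device_history"))).hex()
    return {"entries": entries, "combined_signature": cert["combined_signature"]}


def verify(cert) -> bool:
    """Check the combined signature; malformed input counts as a failure."""
    try:
        digest = h(b"".join(entry_digest(e) for e in cert["entries"]))
        return hmac.compare_digest(sign(digest), cert["combined_signature"])
    except (KeyError, TypeError, ValueError, AttributeError):
        return False


def demo():
    # Constructed sample histories for two users.
    e1 = make_entry("tmp-aaaa", [{"day": "2013-09-17", "weight_kg": 61.2}])
    e2 = make_entry("tmp-bbbb", [{"day": "2013-09-17", "weight_kg": 74.8}])
    full = combine([e1, e2])
    for_portal = redact(full, 1)                      # user 2 gets no proposal
    tampered = json.loads(json.dumps(for_portal))     # deep copy, then alter user 1
    tampered["entries"][0]["device_history"][0]["weight_kg"] = 55.0
    return full, for_portal, tampered
```

A bare hash hides the history only if it cannot be guessed; a short or predictable history needs a random salt, kept by the manufacturer, mixed into the hash.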
- The portal server 200 generates the proposal information for one user identified by the temporary identifier, but the present invention is not limited to this.
- The proposal information may be generated for users having the same attribute information in the temporary identifiers of a plurality of device history certificates.
- The portal server 200 generates a diet program for users who, according to the temporary identifiers of a plurality of device history certificates, share the attribute information of being women in their 30s, and sends the same proposal information for each device history certificate.
- The diet program for women in their 30s, which is the proposal information, may be provided to the user corresponding to each temporary identifier.
- By providing proposal information to a plurality of users at once rather than to only one user, proposal information can be provided to more users.
- The portal server 200 generates a signature for the proposal information and the device history certificate, and generates the proposal information certificate.
- A signature may instead be generated for the temporary identifier included in the device history certificate and the proposal information, and used as the proposal information certificate.
- The personal information is encrypted by the portal server 200b and the encrypted personal information is decrypted by the service provider server 300b to identify the user.
- The present invention is not limited to this.
- The personal information of the user registered in the service provider server 300b may be encrypted and then decrypted by the portal server 200b.
- The anonymization rule is generated by the portal server 200c and transmitted to the manufacturer server 100c, the service provider server 300c, and the like, which then perform the anonymization.
- The present invention is not limited to this.
- The manufacturer server 100c, the service provider server 300c, and the like may generate the anonymization rule.
- Each of the above devices is specifically a computer system including a microprocessor, ROM, RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like.
- A computer program is stored in the RAM or hard disk unit.
- Each device achieves its functions by the microprocessor operating according to the computer program.
- The computer program is configured by combining a plurality of instruction codes indicating instructions for the computer in order to achieve a predetermined function.
- Each of the above devices may be configured by one system LSI (Large Scale Integration).
- The system LSI is an ultra-multifunctional LSI manufactured by integrating a plurality of components on a single chip, and is specifically a computer system including a microprocessor, ROM, RAM, and the like.
- A computer program is stored in the RAM.
- The system LSI achieves its functions by the microprocessor operating according to the computer program.
- Each part of the constituent elements constituting each of the above devices may be individually made into one chip, or may be made into one chip so as to include a part or all of them.
- Although the term system LSI is used here, it may be called IC, LSI, super LSI, or ultra LSI depending on the degree of integration. Further, the method of circuit integration is not limited to LSI, and implementation using dedicated circuitry or general-purpose processors is also possible.
- An FPGA (Field Programmable Gate Array), or a reconfigurable processor in which the connections and settings of circuit cells inside the LSI can be reconfigured, may be used.
- Part or all of the constituent elements constituting each of the above-described devices may be configured from an IC card or a single module that can be attached to and detached from each device.
- The IC card or the module is a computer system including a microprocessor, ROM, RAM, and the like.
- The IC card or the module may include the ultra-multifunctional LSI described above.
- The IC card or the module achieves its function by the microprocessor operating according to the computer program. This IC card or this module may have tamper resistance.
- The present invention may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal composed of the computer program.
- The present invention may also be recorded on a computer-readable recording medium such as a flexible disk, hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD-RAM, BD (Blu-ray (registered trademark) Disc), or a semiconductor memory.
- The digital signal may be recorded on these recording media.
- The computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, a data broadcast, or the like.
- The present invention may be a computer system including a microprocessor and a memory, the memory storing the computer program, and the microprocessor operating according to the computer program.
- The program or the digital signal may be recorded on the recording medium and transferred, or transferred via the network or the like, and thereby executed by another independent computer system.
- An information management system may include a first management server that collects and manages device history, a second management server that collects and manages service history, a third management server that uses the device history and the service history, and a device that transmits the device history to the first management server. The first management server includes a first history DB that stores the device history and user information related to the device history, a first encryption processing unit that encrypts the user information and calculates encrypted user information, a first signature generation unit that generates a first signature for the encrypted user information and the device history, and a first providing unit that provides device history information including the encrypted user information, the device history, and the first signature to the second management server. The second management server includes a second history DB that stores the service history and user information related to the service history, a second encryption processing unit that decrypts the encrypted user information and obtains the user information, and a second providing unit that retrieves the service history from the history DB based on the user information and provides the service history to the third server. The third management server includes a proposal information generation unit that generates proposal information based on the device history information and the service history information.
- The second management server may further include a second signature generation unit that generates a second signature for the device history information and the service history, the second providing unit may provide service history information including the device history information, the service history, and the second signature to the third management server, and the third management server may further include a verification unit that verifies the signature of the service history information.
- The third management server may further include a third signature generation unit that generates a third signature for the device history information and the proposal information, and a third providing unit that provides the second management information including the device history information, the proposal information, and the second signature to the first management server, and the first management server may further include a verification unit that verifies the signature of the proposal information.
- The first management server may further include a control information generation unit that generates control information for the device, and the control information generation unit may generate the control information only when the verification unit succeeds in signature verification.
- The device history information may further include an expiration date of the device history information, and the verification unit of the first management server may further verify the expiration date of the device history information included in the second proposal information.
- The first providing unit further includes the device history stored within a predetermined period out of the device history stored in the first history DB.
- The first providing unit may manage a list in which the predetermined period and a predetermined threshold for the number of times of providing are recorded.
- An information management system may include a first management server that collects and manages device history, a second management server that collects and manages service history, a third management server that uses the device history and the service history, and a device that transmits the device history to the first management server. The first management server includes a history DB that stores the device history and user information related to the device history, a temporary identifier generation unit that generates a temporary identifier from the user information, a signature generation unit that generates a first signature for the temporary identifier and the device history, and a first providing unit that provides device history information including the temporary identifier, the device history, and the first signature to the third management server. The second management server includes a second providing unit that provides the service history to the third server. The third management server includes a proposal information generation unit that generates proposal information based on the device history and the service history.
- The third management server may further generate a second signature for the device history information and the proposal information and include a second providing unit that provides second proposal information including the device history information, the proposal information, and the second signature to the first management server, and the first management server may further include a verification unit that verifies the signature of the second proposal information.
- The first management server may further include a control information generation unit that generates control information for the device, and the control information generation unit may generate the control information only when the signature verification unit succeeds in signature verification.
- The device history information may further include the temporary identifier and an expiration date of the device history, and the verification unit of the first management server may further verify the expiration date of the device history information included in the second proposal information.
- The present invention can be used for an information management method and an information management system.
- The present invention can be used for an information management method for a portal server or the like to which personal information is not provided, in consideration of user privacy, in cooperation with a plurality of servers operating independently of each other, and for an information management system provided with a device.
- Information management system
- 100, 100a, 100b, 100c: Manufacturer server
- 101, 101A, 101B: History DB control unit
- 102: Temporary identifier generation unit
- 103, 103A, 103B, 203, 203A, 203B: Certificate generation unit
- 104, 204, 204A: Certificate verification unit
- 105, 303: History DB
- 106: Device control instruction unit
- 107: Device control information DB
- 108, 108A, 205, 205A, 304, 304A: Communication unit
- 111: Cryptographic processing unit
- 121, 321: Anonymization unit
- 200, 200b, 200c: Portal server
- 201, 201A, 201B: Proposal information generation unit
- 202: Proposal information DB
- 211: Anonymization rule generation unit
- 300, 300b, 300c, 300d, 300e: Service provider server
- 301, 301A, 301B: History DB control unit
- 302: Temporary identifier generation unit
- 311: Cryptographic processing unit
- 312: Certificate verification unit
- 313: Certificate generation unit
- 400: Device
- 500: User terminal
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- Development Economics (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Business, Economics & Management (AREA)
- Marketing (AREA)
- Economics (AREA)
- Game Theory and Decision Science (AREA)
- Entrepreneurship & Innovation (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Description
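1. System configuration
The information management system 13 according to Embodiment 1 is described below with reference to the drawings.
FIG. 1 is a diagram illustrating an example of the overall configuration of the information management system according to Embodiment 1. The information management system 13 is composed of a manufacturer server 100c, a portal server 200c, service provider servers 300c to 300e, a device 400, and a user terminal 500.
FIG. 2 is a block diagram illustrating an example of the configuration of the manufacturer server 100c according to Embodiment 1. The manufacturer server 100c is an example of a first server, and includes a history DB control unit 101, a temporary identifier generation unit 102, a certificate generation unit 103, a certificate verification unit 104, a history DB 105, a device control instruction unit 106, a device control information DB 107, a communication unit 108, and an anonymization unit 121.
FIG. 4 is a block diagram illustrating an example of the configuration of the portal server 200c according to Embodiment 1. The portal server 200c is an example of an information management device that manages information, and includes a proposal information generation unit 201, a proposal information DB 202, a certificate generation unit 203, a certificate verification unit 204, a communication unit 205, and an anonymization rule generation unit 211.
FIG. 7 is a block diagram illustrating an example of the configuration of the service provider server 300c according to Embodiment 1. Since the service provider servers 300d and 300e have the same configuration as the service provider server 300c, only the service provider server 300c is described here.
The operations of the information management system 13 include the following.
(2) Processing when the user registers a home appliance with the manufacturer server 100c
(3) Processing when home appliance history information is uploaded from the user's device 400 to the device history DB
(4) Processing for providing proposal information from the portal server 200 to the user
FIGS. 9 to 12 are sequence diagrams of the processing for providing proposal information from the portal server 200c to the user. The proposal information is provided periodically or irregularly.
As described above, according to Embodiment 1, by using user information anonymized according to the anonymization rule provided by the portal server 200c, the manufacturer server 100c, the portal server 200c, and the service provider server 300c and the like can be made to cooperate, so the portal server 200c can provide service proposal information to a user by using that user's device history and a service history that is the same as or similar to that user's. Note that the manufacturer server 100c and the service provider server 300c and the like go no further than providing the portal server 200c with user information anonymized to a degree at which the user cannot be identified but service proposal information can still be created. In other words, the manufacturer server 100c and the service provider server 300c and the like do not provide the user's personal information to the portal server 200c. In this way, an information management method and an information management system that can generate proposal information while protecting the user's privacy can be realized.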
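2. System configuration
The information management system 10 according to Embodiment 2 is described below with reference to the drawings.
FIG. 13 is a diagram illustrating an example of the overall configuration of the information management system according to Embodiment 2. The information management system 11 includes a manufacturer server 100, a portal server 200, a service provider server 300, a device 400, and a user terminal 500. Components having the same functions as in Embodiment 1 are given the same reference signs and their description is omitted.
FIG. 14 is a block diagram illustrating an example of the configuration of the manufacturer server 100 according to Embodiment 2. The manufacturer server 100 shown in FIG. 14 is composed of a history DB control unit 101A, a temporary identifier generation unit 102, a certificate generation unit 103A, a certificate verification unit 104, a history DB 105, a device control instruction unit 106, a device control information DB 107, and a communication unit 108. This manufacturer server 100 differs in configuration from the manufacturer server 100c of Embodiment 1 in that it has no anonymization unit 121.
FIG. 19 is a block diagram illustrating an example of the configuration of the portal server 200 according to Embodiment 2. The portal server 200 includes a proposal information generation unit 201A, a proposal information DB 202, a certificate generation unit 203A, a certificate verification unit 204A, and a communication unit 205. The portal server 200 differs in configuration from the manufacturer server 100c of Embodiment 1 in that it has no anonymization rule generation unit 211.
The proposal information generation unit 201A generates proposal information based on the temporary identifier and device history received from the manufacturer server 100 and the temporary identifier and service information received from the service provider. An example in which a diet program is generated as the proposal information is described below.
FIG. 23 is a block diagram illustrating an example of the configuration of the service provider server 300 according to Embodiment 2. The service provider server 300 includes a history DB control unit 301A, a temporary identifier generation unit 302, a history DB 303, and a communication unit 304A. The service provider server 300 differs in configuration from the service provider server 300c and the like of Embodiment 1 in that it has no anonymization unit 321.
The operations of the information management system 10 include the following.
(2) Processing when the user registers a home appliance with the manufacturer server 100
(3) Processing when home appliance history information is uploaded from the user's device 400 to the device history DB
(4) Processing for providing proposal information from the portal server 200 to the user
FIG. 27 is a sequence diagram for when the user registers with the manufacturer server 100 using the user terminal 500.
FIG. 28 is a sequence diagram for when the user registers his or her own home appliance 400 using the user terminal 500. Here, the description assumes that the user performs the registration processing on the user terminal 500 by, for example, launching a manufacturer application (not shown). The user may instead connect to the manufacturer server 100 using the user terminal 500 and register.
FIG. 29 is a sequence diagram for when the device 400 uploads device history information. Uploading is performed periodically or irregularly.
FIGS. 30 to 32 are sequence diagrams for when proposal information is provided from the portal server 200 to the user according to Embodiment 2. The proposal information is provided periodically or irregularly.
As described above, according to Embodiment 2, using temporary identifiers allows the manufacturer server 100, the portal server 200, and the service provider server 300 to cooperate, so the portal server 200 can provide service proposal information to the user.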
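3. System configuration
The information management system 12 according to Embodiment 3 is described below with reference to the drawings.
FIG. 33 is a diagram illustrating an example of the overall configuration of the information management system according to Embodiment 3. The information management system 12 includes a manufacturer server 100b, a portal server 200b, a service provider server 300b, a device 400, and a user terminal 500. Components having the same functions as in Embodiments 1 and 2 are given the same reference signs and their description is omitted.
FIG. 34 is a block diagram illustrating an example of the configuration of the manufacturer server 100b according to Embodiment 3. The manufacturer server 100 shown in FIG. 34 is composed of a history DB control unit 101B, a temporary identifier generation unit 102, a certificate generation unit 103B, a certificate verification unit 104, a history DB 105, a device control instruction unit 106, a device control information DB 107, a communication unit 108A, and a cryptographic processing unit 111. This manufacturer server 100b includes the cryptographic processing unit 111 in addition to the configuration of the manufacturer server 100 of Embodiment 2.
The portal server 200b has the same configuration as the portal server 200 of Embodiment 2. That is, the portal server 200b includes a proposal information generation unit 201B, a proposal information DB 202, a certificate generation unit 203B, a certificate verification unit 204A, and a communication unit 205.
FIG. 38 is a block diagram illustrating an example of the configuration of the service provider server 300b according to Embodiment 3. The service provider server 300b includes a history DB control unit 301B, a temporary identifier generation unit 302, a history DB 303, a communication unit 304A, a cryptographic processing unit 311, a certificate verification unit 312, and a certificate generation unit 313. Components having the same functions as in FIG. 7 and FIG. 23 are given the same reference signs and their description is omitted.
The operations of the information management system 12 include the following.
(2) Processing when the user registers a home appliance with the manufacturer server 100b
(3) Processing when home appliance history information is uploaded from the user's device 400 to the device history DB
(4) Processing for providing proposal information from the portal server 200 to the user
FIG. 40 is a sequence showing the user registration processing according to Embodiment 3.
FIGS. 41 to 44 are sequence diagrams of the proposal information provision processing according to Embodiment 3. The proposal information is provided periodically or irregularly.
As described above, according to Embodiment 3, the device history and service history of the same user can be used, so the manufacturer server 100b, the portal server 200b, and the service provider server 300 can be made to cooperate to provide proposal information to that user.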
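100, 100a, 100b, 100c Manufacturer server
101, 101A, 101B History DB control unit
102 Temporary identifier generation unit
103, 103A, 103B, 203, 203A, 203B Certificate generation unit
104, 204, 204A Certificate verification unit
105, 303 History DB
106 Device control instruction unit
107 Device control information DB
108, 108A, 205, 205A, 304, 304A Communication unit
111 Cryptographic processing unit
121, 321 Anonymization unit
200, 200b, 200c Portal server
201, 201A, 201B Proposal information generation unit
202 Proposal information DB
211 Anonymization rule generation unit
300, 300b, 300c, 300d, 300e Service provider server
301, 301A, 301B History DB control unit
302 Temporary identifier generation unit
311 Cryptographic processing unit
312 Certificate verification unit
313 Certificate generation unit
400 Device
500 User terminal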
Claims (15)
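- An information management method for use in an information management apparatus that manages information, the method comprising:
receiving, via a network, from a first server, device history information indicating an operation history of a device used by a first user, and first anonymized user information obtained by anonymizing, under a predetermined rule, first user information including attribute information capable of identifying the first user;
receiving, via a network, from a second server different from the first server, service history information indicating a history of services received by a second user, and second anonymized user information obtained by anonymizing, under the predetermined rule, second user information including attribute information capable of identifying the second user; and
when the first anonymized user information and the second anonymized user information are determined to be identical or similar, associating the received device history information with the service history information and managing them as composite information.
- The information management method according to claim 1, wherein the predetermined rule is determined based on a combination of the type of operation indicated by the device history information stored by the first server and the type of service indicated by the service history information stored by the second server.
- The information management method according to claim 1 or 2, wherein the predetermined rule specifies, among the one or more pieces of attribute information included in the first user information and the second user information, the attribute information to be deleted or abstracted.
- The information management method according to any one of claims 1 to 3, wherein the first anonymized user information and the second anonymized user information include, as attribute information, at least one of the gender, age, age group, address, and occupation of the first user and the second user.
- The information management method according to any one of claims 1 to 4, further comprising:
generating, based on the composite information, proposal information indicating a service proposal for the first user; and
providing the generated proposal information to the first user via the first server.
- The information management method according to claim 5, wherein the proposal information is information including a control program for controlling the device.
- The information management method according to any one of claims 1 to 4, further comprising:
generating, based on the composite information, proposal information indicating a service proposal for the second user; and
providing the generated proposal information to the second user via the second server.
- The information management method according to any one of claims 1 to 7, wherein the first user and the second user are the same user.
- The information management method according to any one of claims 1 to 7, wherein the first user and the second user are different users.
- The information management method according to any one of claims 1 to 9, wherein the service history information is information including a history of the second user having received services related to health management, including medical care.
- The information management method according to any one of claims 1 to 9, wherein the service history information is information including a history of the second user having received education services.
- The information management method according to any one of claims 1 to 9, wherein the service history information is information including a history of the second user having received transportation services.
- The information management method according to any one of claims 1 to 12, further comprising transmitting the predetermined rule, via a network, to the first server and the second server.
- An information management system comprising:
an information management apparatus that manages information;
a first server that stores device history information indicating an operation history of a device used by a first user, and first user information including attribute information capable of identifying the first user; and
a second server that stores service history information indicating a history of services received by a second user, and second user information including attribute information capable of identifying the second user,
wherein the information management apparatus:
receives, via a network, from the first server, the device history information and first anonymized user information obtained by anonymizing the first user information under a predetermined rule;
receives, via a network, from the second server, the service history information and second anonymized user information obtained by anonymizing the second user information under the predetermined rule; and
when it determines that the first anonymized user information and the second anonymized user information are identical or similar, associates the received device history information with the service history information and manages them as composite information.
- The information management system according to claim 14, wherein the information management apparatus further
transmits the predetermined rule, via a network, to the first server and the second server,
the first server
generates the first anonymized user information from the first user information by anonymizing the stored first user information under the predetermined rule, and
transmits the stored device history information and the generated first anonymized user information to the information management apparatus, and
the second server
generates the second anonymized user information from the second user information by anonymizing the stored second user information under the predetermined rule, and
transmits the stored service history information and the generated second anonymized user information to the information management apparatus.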
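The flow in the claims above (one shared rule that deletes or abstracts attributes, applied on each server, then linkage at the information management apparatus), as an added example that is not part of the patent text. The rule format, the sample records and the `isolating_keys` check are assumptions of this example; matching here is exact only ("identical", not "similar"), and attributes the rule does not name are dropped.

```python
from collections import defaultdict
# Constructed rule; the dict format is an assumption. Unnamed attributes are dropped.
RULE = {
    "name": "delete",
    "gender": "keep",
    "age": lambda n: f"{n // 10 * 10}s",       # abstract: age -> age bracket
    "address": lambda a: a.split()[0],         # abstract: keep first component only
}

def anonymize(user_info, rule):
    """Run on each server, so raw attributes never reach the management apparatus."""
    out = {}
    for attr, value in user_info.items():
        action = rule.get(attr, "delete")      # fail closed on unknown attributes
        if action == "delete":
            continue
        out[attr] = value if action == "keep" else action(value)
    return tuple(sorted(out.items()))          # hashable matching key

def link(device_side, service_side):
    """Management apparatus: associate histories whose anonymized keys are identical."""
    groups = defaultdict(lambda: {"device": [], "service": []})
    for key, history in device_side:
        groups[key]["device"].append(history)
    for key, history in service_side:
        groups[key]["service"].append(history)
    return {k: g for k, g in groups.items() if g["device"] and g["service"]}

def isolating_keys(composite):
    """Added check: keys that matched exactly one record per side pin down one pair."""
    return [k for k, g in composite.items() if len(g["device"]) == len(g["service"]) == 1]

# Constructed sample data: (user information, history) as held by each server.
SERVER1 = [
    ({"name": "A", "gender": "F", "age": 34, "address": "Osaka Kadoma"}, "washer: 3 runs/week"),
    ({"name": "E", "gender": "F", "age": 38, "address": "Osaka Suita"}, "oven: daily"),
    ({"name": "B", "gender": "M", "age": 52, "address": "Tokyo Minato"}, "tv: 2 h/day"),
]
SERVER2 = [
    ({"name": "C", "gender": "F", "age": 31, "address": "Osaka Sakai", "phone": "000"}, "gym: 2 visits/week"),
    ({"name": "D", "gender": "M", "age": 57, "address": "Tokyo Shibuya"}, "clinic: checkup"),
    ({"name": "F", "gender": "M", "age": 25, "address": "Aichi Nagoya"}, "bus: commuter pass"),
]

def run_example():
    send = lambda rows: [(anonymize(u, RULE), h) for u, h in rows]  # what each server transmits
    return link(send(SERVER1), send(SERVER2))

if __name__ == "__main__":
    print(isolating_keys(run_example()))
```

A key returned by `isolating_keys` means the abstraction was too fine for that group: the composite record ties one device history to one service history, which is the case to review before the composite information is used.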
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/368,048 US9898620B2 (en) | 2012-09-28 | 2013-09-18 | Information management method and information management system |
JP2014520089A JP6152847B2 (ja) | 2012-09-28 | 2013-09-18 | Information management method and information management system |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201261706910P | 2012-09-28 | 2012-09-28 | |
US61/706,910 | 2012-09-28 | ||
US201261720429P | 2012-10-31 | 2012-10-31 | |
US61/720,429 | 2012-10-31 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014050027A1 (ja) | 2014-04-03 |
Family
ID=50387470
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2013/005509 WO2014050027A1 (ja) | 2012-09-28 | 2013-09-18 | Information management method and information management system |
Country Status (3)
Country | Link |
---|---|
US (1) | US9898620B2 (ja) |
JP (5) | JP6152847B2 (ja) |
WO (1) | WO2014050027A1 (ja) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
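JP2016151936A (ja) * | 2015-02-18 | 2016-08-22 | Kddi株式会社 | Privacy protection device, method, and program |
JP2016186783A (ja) * | 2014-08-07 | 2016-10-27 | パナソニックIpマネジメント株式会社 | Information providing device, information providing method, and information providing system |
JP2018524659A (ja) * | 2015-07-24 | 2018-08-30 | グーグル エルエルシー | Generating bridge match identifiers for linking identifiers from server logs |
WO2018220763A1 (ja) * | 2017-05-31 | 2018-12-06 | 株式会社日立製作所 | Data management method and data analysis system |
JP2019046439A (ja) * | 2018-03-20 | 2019-03-22 | ヤフー株式会社 | Information processing device, information processing method, and information processing program |
JP2019128712A (ja) * | 2018-01-23 | 2019-08-01 | 三菱電機株式会社 | Information providing device, information providing system, information providing method, and program |
JP2019523958A (ja) * | 2016-06-09 | 2019-08-29 | グリズリー・カンパニー・リミテッド | De-identification processing method for big data |
JP2020112922A (ja) * | 2019-01-09 | 2020-07-27 | 三菱電機株式会社 | Server device and data transfer method |
JPWO2020240888A1 (ja) * | 2019-05-31 | 2020-12-03 | ||
JP2021026415A (ja) * | 2019-08-02 | 2021-02-22 | ミサワホーム株式会社 | Anonymization system |
JP2021052292A (ja) * | 2019-09-24 | 2021-04-01 | 株式会社東芝 | Data transfer control device, data transfer control system, and data transfer control method |
WO2022054650A1 (ja) * | 2020-09-08 | 2022-03-17 | ソフトバンク株式会社 | Information transmission device, personal information disclosure management device, and program |
JP7481215B2 (ja) | 2020-09-23 | 2024-05-10 | 株式会社TVer | Anonymization processing device, program, and anonymization processing method |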
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9898620B2 (en) * | 2012-09-28 | 2018-02-20 | Panasonic Intellectual Property Management Co., Ltd. | Information management method and information management system |
JP6204854B2 (ja) * | 2014-03-12 | 2017-09-27 | 株式会社Nttドコモ | Information providing system, information providing method, short-range communication device, information providing device, and server |
CH712285B1 (de) * | 2016-03-21 | 2020-04-30 | Krech Thomas | Data network for converting personalized personal data into de-personalized personal data and transmitting the de-personalized data to a server. |
US11030580B2 (en) | 2016-05-23 | 2021-06-08 | Axon Enterprise, Inc. | Systems and methods for forming and operating an ecosystem for a conducted electrical weapon |
US11025408B2 (en) * | 2017-09-27 | 2021-06-01 | Cable Television Laboratories, Inc. | Provisioning systems and methods |
JP6342094B1 (ja) * | 2018-01-30 | 2018-06-13 | 株式会社アドイン研究所 | Information processing system, information processing method, and program |
US11977659B2 (en) * | 2018-06-07 | 2024-05-07 | Convida Wireless, Llc | Data anonymization for service subscriber's privacy |
JP7145706B2 (ja) * | 2018-09-18 | 2022-10-03 | 日本放送協会 | User information management device, user information registration device, user information acquisition device, and programs therefor |
US10453017B1 (en) * | 2019-03-07 | 2019-10-22 | Lookout, Inc. | Computer systems and methods to protect user credential against phishing |
JP7008661B2 (ja) * | 2019-05-31 | 2022-01-25 | 本田技研工業株式会社 | Authentication system |
US20220197895A1 (en) * | 2019-06-27 | 2022-06-23 | Panasonic Intellectual Property Management Co., Ltd. | Information management system, information management device, and information management method |
US11588646B2 (en) * | 2019-09-05 | 2023-02-21 | Cisco Technology, Inc. | Identity-based application and file verification |
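JP7392452B2 (ja) * | 2019-12-20 | 2023-12-06 | 日本電気株式会社 | Rule generation device, information processing system, rule generation method, information processing method, and program |
JP7445135B2 (ja) | 2020-08-27 | 2024-03-07 | 富士通株式会社 | Communication program, communication device, communication method, and communication system |
KR102465768B1 (ko) * | 2021-10-18 | 2022-11-15 | 주식회사 아이스크림에듀 | System for providing personalized, customized learning analysis |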
GB202205929D0 (en) | 2022-04-22 | 2022-06-08 | Nicoventures Trading Ltd | Processing |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
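JP2002032453A (ja) * | 2000-07-18 | 2002-01-31 | Nippon Telegr & Teleph Corp <Ntt> | Privacy protection method and device, and recording medium storing a privacy protection program |
JP2005332087A (ja) * | 2004-05-18 | 2005-12-02 | Nippon Telegr & Teleph Corp <Ntt> | Recommended program providing method, recommended program providing device, and recommended program providing program |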
US20110288907A1 (en) * | 2008-04-14 | 2011-11-24 | Tra, Inc. | Using consumer purchase behavior for television targeting |
JP2012118878A (ja) * | 2010-12-02 | 2012-06-21 | Ntt Docomo Inc | Recommendation system and recommendation method |
Family Cites Families (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6050924A (en) * | 1997-04-28 | 2000-04-18 | Shea; Michael J. | Exercise system |
JP2003271782A (ja) * | 2002-03-14 | 2003-09-26 | Nec Corp | Personal information management system |
US7472423B2 (en) * | 2002-03-27 | 2008-12-30 | Tvworks, Llc | Method and apparatus for anonymously tracking TV and internet usage |
JP4429619B2 (ja) * | 2003-04-15 | 2010-03-10 | 三菱電機株式会社 | Information providing device |
US20060010098A1 (en) * | 2004-06-04 | 2006-01-12 | Goodnow Timothy T | Diabetes care host-client architecture and data management system |
US8713090B2 (en) * | 2006-12-15 | 2014-04-29 | Microsoft Corporation | Enhancing user experiences using aggregated device usage data |
JP2008234041A (ja) * | 2007-03-16 | 2008-10-02 | Oki Electric Ind Co Ltd | Context sharing system, context sharing method, client, and server |
US20090094281A1 (en) * | 2007-10-04 | 2009-04-09 | Jung Edward K Y | Systems and methods for transferring combined epigenetic information and other information |
JP2009159317A (ja) | 2007-12-26 | 2009-07-16 | Toshiba Corp | Anonymous service providing system, device, program, and method |
US8621234B2 (en) * | 2007-12-28 | 2013-12-31 | Koninklijke Philips N.V. | Information interchange system and apparatus |
US8000993B2 (en) * | 2008-04-14 | 2011-08-16 | Tra, Inc. | Using consumer purchase behavior for television targeting |
US20110015969A1 (en) * | 2009-07-20 | 2011-01-20 | Telcordia Technologies, Inc. | System and method for collecting consumer information preferences and usage behaviors in well-defined life contexts |
CN102473227B (zh) * | 2009-07-31 | 2015-06-24 | 日本电气株式会社 | Information management device, information management method, and information management program |
US9202230B2 (en) * | 2010-04-06 | 2015-12-01 | Intel Corporation | Techniques for monetizing anonymized context |
CA2714224C (en) * | 2010-06-18 | 2011-10-25 | Guest Tek Interactive Entertainment Ltd. | Controller for providing user-tailored entertainment experience at entertainment device and method thereof |
JP5979004B2 (ja) * | 2010-11-16 | 2016-08-24 | 日本電気株式会社 | Information processing system and anonymization method |
US8365213B1 (en) * | 2011-03-18 | 2013-01-29 | Robert Orlowski | System and method for measuring television advertising and program viewing at a second-by-second level and for measuring effectiveness of targeted advertising |
US9015142B2 (en) * | 2011-06-10 | 2015-04-21 | Google Inc. | Identifying listings of multi-site entities based on user behavior signals |
CA2748698A1 (en) * | 2011-08-10 | 2013-02-10 | Learningmate Solutions Private Limited | System, method and apparatus for managing education and training workflows |
JP5742630B2 (ja) * | 2011-09-28 | 2015-07-01 | 富士通株式会社 | Information processing method and device |
US8621653B2 (en) * | 2011-12-12 | 2013-12-31 | Microsoft Corporation | Secure location collection and analysis service |
US9721105B2 (en) * | 2012-01-18 | 2017-08-01 | Nokia Technologies Oy | Method and apparatus for generating privacy ratings for applications |
US20130227225A1 (en) * | 2012-02-27 | 2013-08-29 | Nokia Corporation | Method and apparatus for determining user characteristics based on use |
US20130297387A1 (en) * | 2012-05-01 | 2013-11-07 | Joseph Michael | Systems and methods for monitoring, managing, and facilitating communications and/or transactions relating to transportation infrastructure utilization |
US9898620B2 (en) * | 2012-09-28 | 2018-02-20 | Panasonic Intellectual Property Management Co., Ltd. | Information management method and information management system |
- 2013
  - 2013-09-18 US US14/368,048 patent/US9898620B2/en active Active
  - 2013-09-18 WO PCT/JP2013/005509 patent/WO2014050027A1/ja active Application Filing
  - 2013-09-18 JP JP2014520089A patent/JP6152847B2/ja active Active
- 2017
  - 2017-05-15 JP JP2017096338A patent/JP6435584B2/ja active Active
- 2018
  - 2018-10-25 JP JP2018201120A patent/JP6646827B2/ja active Active
- 2019
  - 2019-12-17 JP JP2019227294A patent/JP6839890B2/ja active Active
- 2021
  - 2021-02-02 JP JP2021015137A patent/JP2021089749A/ja active Pending
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
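JP2016186783A (ja) * | 2014-08-07 | 2016-10-27 | パナソニックIpマネジメント株式会社 | Information providing device, information providing method, and information providing system |
JP2016151936A (ja) * | 2015-02-18 | 2016-08-22 | Kddi株式会社 | Privacy protection device, method, and program |
JP2018524659A (ja) * | 2015-07-24 | 2018-08-30 | グーグル エルエルシー | Generating bridge match identifiers for linking identifiers from server logs |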
US11363006B2 (en) | 2015-07-24 | 2022-06-14 | Google Llc | Generating bridge match identifiers for linking identifiers from server logs |
US10652221B2 (en) | 2015-07-24 | 2020-05-12 | Google Llc | Generating bridge match identifiers for linking identifers from server logs |
JP2019523958A (ja) * | 2016-06-09 | 2019-08-29 | グリズリー・カンパニー・リミテッド | De-identification processing method for big data |
US11221986B2 (en) | 2017-05-31 | 2022-01-11 | Hitachi, Ltd. | Data management method and data analysis system |
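WO2018220763A1 (ja) * | 2017-05-31 | 2018-12-06 | 株式会社日立製作所 | Data management method and data analysis system |
JPWO2018220763A1 (ja) * | 2017-05-31 | 2019-11-07 | 株式会社日立製作所 | Data management method and data analysis system |
JP7018774B2 (ja) | 2018-01-23 | 2022-02-14 | 三菱電機株式会社 | Information providing device, information providing system, information providing method, and program |
JP2019128712A (ja) * | 2018-01-23 | 2019-08-01 | 三菱電機株式会社 | Information providing device, information providing system, information providing method, and program |
JP2019046439A (ja) * | 2018-03-20 | 2019-03-22 | ヤフー株式会社 | Information processing device, information processing method, and information processing program |
JP2020112922A (ja) * | 2019-01-09 | 2020-07-27 | 三菱電機株式会社 | Server device and data transfer method |
JPWO2020240888A1 (ja) * | 2019-05-31 | 2020-12-03 | ||
WO2020240888A1 (ja) * | 2019-05-31 | 2020-12-03 | パナソニックIpマネジメント株式会社 | Information management device and information management method |
JP7308495B2 (ja) | 2019-05-31 | 2023-07-14 | パナソニックIpマネジメント株式会社 | Information management device and information management method |
JP2021026415A (ja) * | 2019-08-02 | 2021-02-22 | ミサワホーム株式会社 | Anonymization system |
JP7149905B2 (ja) | 2019-08-02 | 2022-10-07 | ミサワホーム株式会社 | Anonymization system |
JP2021052292A (ja) * | 2019-09-24 | 2021-04-01 | 株式会社東芝 | Data transfer control device, data transfer control system, and data transfer control method |
JP7123887B2 (ja) | 2019-09-24 | 2022-08-23 | 株式会社東芝 | Data transfer control device, data transfer control system, and data transfer control method |
WO2022054650A1 (ja) * | 2020-09-08 | 2022-03-17 | ソフトバンク株式会社 | Information transmission device, personal information disclosure management device, and program |
JP7481215B2 (ja) | 2020-09-23 | 2024-05-10 | 株式会社TVer | Anonymization processing device, program, and anonymization processing method |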
Also Published As
Publication number | Publication date |
---|---|
US9898620B2 (en) | 2018-02-20 |
JP6646827B2 (ja) | 2020-02-14 |
US20140325592A1 (en) | 2014-10-30 |
JP2019046488A (ja) | 2019-03-22 |
JP6152847B2 (ja) | 2017-06-28 |
JP6839890B2 (ja) | 2021-03-10 |
JP6435584B2 (ja) | 2018-12-12 |
JP2021089749A (ja) | 2021-06-10 |
JPWO2014050027A1 (ja) | 2016-08-22 |
JP2017168130A (ja) | 2017-09-21 |
JP2020047308A (ja) | 2020-03-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6839890B2 (ja) | Information management method and information management system | |
US11977659B2 (en) | Data anonymization for service subscriber's privacy | |
US20230099208A1 (en) | Records access and management | |
US11399079B2 (en) | Zero-knowledge environment based networking engine | |
EP3583526B1 (en) | Records access and management | |
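JP5939580B2 (ja) | Record-matching system for matching anonymized data, and method and computer program therefor | |
CN106960128B (zh) | Smart medical data management method and system based on distributed verification technology | |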
US20130332987A1 (en) | Data collection and analysis systems and methods | |
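CN114026823A (zh) | Computer system for processing anonymous data and method of operating the same | |
JP2016006553A (ja) | Information providing method, information management system, and terminal device control method | |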
EP4014145A1 (en) | Secure information sharing systems and methods | |
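JP5090425B2 (ja) | Information access control system and method | |
CN107086914B (zh) | Comprehensive distribution method and system for personal health data based on big data technology | |
CN112106376B (zh) | Universal streaming media device configured as a set-top box | |
JP6403709B2 (ja) | Record-matching system for matching anonymized data, and method and computer program therefor | |
KR102350614B1 (ko) | Health data exchange system and method using a blockchain registry, and recording medium storing a program for performing the same | |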
Williams et al. | Privacy in Healthcare | |
KR20220064705A (ko) | Consent code generation device, and health information exchange system and method including the same | |
US20170357823A1 (en) | Security and limited, controlled data access |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| ENP | Entry into the national phase | Ref document number: 2014520089 Country of ref document: JP Kind code of ref document: A |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 13842728 Country of ref document: EP Kind code of ref document: A1 |
| WWE | Wipo information: entry into national phase | Ref document number: 14368048 Country of ref document: US |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 13842728 Country of ref document: EP Kind code of ref document: A1 |